In-Reply-To: <20110425151846.0a5359fd@gumby.homeunix.com>
References: <BANLkTimJWAxW_4OmoeBQrvDDLjD-5Vr5hQ@mail.gmail.com>
	<BANLkTin_S+BRWu79AH16tPdgZd+UgZQAzQ@mail.gmail.com>
	<20110425151846.0a5359fd@gumby.homeunix.com>
Date: Wed, 27 Apr 2011 13:24:18 -0600
Message-ID: <BANLkTiku6LsSYBV0OVy73hSZmAzyhrM1Uw@mail.gmail.com>
From: Modulok <modulok@gmail.com>
To: RW <rwmaillists@googlemail.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: freebsd-questions@freebsd.org
Subject: Re: Password theft from memory?

>> On Sun, Apr 24, 2011 at 7:10 PM, Modulok <modulok@gmail.com> wrote:
>> > I don't know if this is a problem on FreeBSD...
>> >
>> > Process A requests memory.
>> > Process A Stores a plaintext password in memory or other sensitive
>> > data. Process A terminates and the memory is reclaimed by kernel.
>> >
>> > Process B requests a *huge* chunk of memory.
>> > Process B crawls the uninitialized memory, looking for ProcessA's
>> > previously stored password.
>> >
>> > Does anyone know if this is even possible on FreeBSD?

> AFAIK it's the responsibility of the programmer to avoid data leaking.
> Passwords are commonly overwritten as soon as they are no longer needed. I
> think geli keeps persistent key information in kernel wired-memory.

If you're writing in a language which has direct memory access you can easily
overwrite sensitive regions of memory upon program exit. But what about higher
level, dynamic languages where direct memory access is not available? For
example, if I write a program in Python (or some other language) which
processes plaintext passwords or credit card numbers, on a shared host, can
that data be found in memory by another user's process designed to recognize
such patterns in large allocations? (Patterns like SS numbers, credit cards,
regions near strings like 'password' and so on.)

I know that each process has its own private memory segment, but after a
process exits, it no longer owns that memory. What happens to it? If it's not
zeroed out by my process, and it doesn't turn into pixie food, and it's not
zeroed out by malloc... it still exists somewhere.

Maybe this would be best on hackers?
-Modulok-
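
Added example, not part of the original message: one way a Python program can hold a password in a buffer that it is able to overwrite before exit, which is the practice the quoted reply describes. The function names are hypothetical and a Unix host is assumed (`os.readv`); the code says nothing about what the kernel does with a process's pages after exit and cannot reach copies made inside libraries.

```python
import hashlib
import os


def read_secret(fd, max_len=256):
    """Read a secret from fd into a mutable buffer; return (buf, length).

    os.readv() (Unix) writes into the bytearray's own storage, so the secret
    never exists as an immutable str/bytes object that cannot be overwritten.
    The buffer is never resized: a resize may move the data and leave the
    old copy behind in freed heap memory.
    """
    buf = bytearray(max_len)
    n = os.readv(fd, [buf])
    while n and buf[n - 1] in b"\r\n":  # exclude the line ending from the length
        n -= 1
    return buf, n


def wipe(buf):
    """Overwrite every byte in place; the object keeps its address and size."""
    for i in range(len(buf)):
        buf[i] = 0


def derive_key(fd, salt, iterations=100_000):
    """Hash the secret read from fd, then wipe the buffer even on error."""
    buf, n = read_secret(fd)
    try:
        # memoryview slicing shares the buffer instead of copying it.
        # Copies made inside hashlib itself cannot be reached from here.
        return hashlib.pbkdf2_hmac("sha256", memoryview(buf)[:n], salt, iterations)
    finally:
        wipe(buf)


if __name__ == "__main__":
    r, w = os.pipe()
    os.write(w, b"hunter2\n")  # constructed sample secret
    os.close(w)
    print(derive_key(r, b"constructed-salt").hex())
    os.close(r)
```

A password obtained through `input()` or `getpass.getpass()` arrives as an immutable `str`, which this approach cannot overwrite.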