Date: Sun, 18 Jun 2006 03:09:19 -0700 (PDT) From: "R. B. Riddick" <arne_woerner@yahoo.com> To: Nick Borisov <neiro21@gmail.com>, freebsd-security@freebsd.org Subject: Re: memory pages nulling when releasing Message-ID: <20060618100919.95685.qmail@web30303.mail.mud.yahoo.com> In-Reply-To: <3bcb4e3f0606180127m3c4fdb13n2b42deb881b7bdc6@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--- Nick Borisov <neiro21@gmail.com> wrote: > Could you tell me if FreeBSD supports memory page nulling when > releasing it to prevent unauthorized access to data left in the page > after it's allocated again. > If it does, what sys calls etc provide that? > IMHO this is an important issue when operating data with different > sensivity levels. > It is important, that no user process can look at non-shared (mmap(2) / MAP_SHARED) pages in main memory that were used by another process before. I think FreeBSD does it as follows (but I am not sure): 1. If a page is allocated for a process it is either overwritten with zeroes (0x00) (e. g. in case of a page for the stack segment of a process) or it is overwritten with the bytes of an executable or another file or so... 2. For maximum performance the system keeps a bunch of "pre-zero-ed" pages, so that the OS is quite fast, when a process wants pages for data (malloc(3)) or for stack. Here is my "proof": :-) % vmstat -s | grep zero 3840247 zero fill pages zeroed 844738 zero fill pages prezeroed -Arne __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060618100919.95685.qmail>