From owner-freebsd-security@FreeBSD.ORG Sun Jun 18 10:09:20 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CD86216A506 for ; Sun, 18 Jun 2006 10:09:20 +0000 (UTC) (envelope-from arne_woerner@yahoo.com) Received: from web30303.mail.mud.yahoo.com (web30303.mail.mud.yahoo.com [68.142.200.96]) by mx1.FreeBSD.org (Postfix) with SMTP id 5A4C343D45 for ; Sun, 18 Jun 2006 10:09:20 +0000 (GMT) (envelope-from arne_woerner@yahoo.com) Received: (qmail 95687 invoked by uid 60001); 18 Jun 2006 10:09:19 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=nTAoVk2Q/0LIOPzsE23TVWwakqdil0xwNcD9v9t3t5mF/e3ldwxtLAbkXTDVCjqmX6eIdnZA41BrfidKtpmzvAv6xvTP2SUU0YiBZiitjbfeoKsonSPRnTFcNmEysf2q8F91fevf2vSg0yHhA7GlIYwqSuNAEcm0IUPaUkXVn2o= ; Message-ID: <20060618100919.95685.qmail@web30303.mail.mud.yahoo.com> Received: from [213.54.64.243] by web30303.mail.mud.yahoo.com via HTTP; Sun, 18 Jun 2006 03:09:19 PDT Date: Sun, 18 Jun 2006 03:09:19 -0700 (PDT) From: "R. B. Riddick" To: Nick Borisov , freebsd-security@freebsd.org In-Reply-To: <3bcb4e3f0606180127m3c4fdb13n2b42deb881b7bdc6@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Cc: Subject: Re: memory pages nulling when releasing X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Jun 2006 10:09:20 -0000 --- Nick Borisov wrote: > Could you tell me if FreeBSD supports memory page nulling when > releasing it to prevent unauthorized access to data left in the page > after it's allocated again. > If it does, what sys calls etc provide that? > IMHO this is an important issue when operating data with different > sensivity levels. > It is important, that no user process can look at non-shared (mmap(2) / MAP_SHARED) pages in main memory that were used by another process before. I think FreeBSD does it as follows (but I am not sure): 1. If a page is allocated for a process it is either overwritten with zeroes (0x00) (e. g. in case of a page for the stack segment of a process) or it is overwritten with the bytes of an executable or another file or so... 2. For maximum performance the system keeps a bunch of "pre-zero-ed" pages, so that the OS is quite fast, when a process wants pages for data (malloc(3)) or for stack. Here is my "proof": :-) % vmstat -s | grep zero 3840247 zero fill pages zeroed 844738 zero fill pages prezeroed -Arne __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com