From: Oliver Fromme
To: freebsd-security@FreeBSD.ORG
Date: Tue, 20 Jun 2006 14:19:17 +0200 (CEST)
Subject: Re: memory pages nulling when releasing
Message-Id: <200606201219.k5KCJHlS067325@lurza.secnetix.de>
In-Reply-To: <3bcb4e3f0606181309h70c08dc6l691bbb6e5b48615a@mail.gmail.com>

Nick Borisov wrote:
> Dag-Erling Smørgrav wrote:
> > "Nick Borisov" wrote:
> > > Could you tell me if FreeBSD supports memory page nulling when
> > > releasing it to prevent unauthorized access to data left in the page
> > > after it's allocated again.
> >
> > Processes always get zeroed pages from the kernel. This is the case
> > for all Unices, and has been for decades.
>
> Well, providing zeroed pages to processes is not quite similar to
> explicit cleaning of pages after use as some security standards
> demand.

If that's what you mean, then why not simply use memset() after use?
(And of course use mlock().)

If that's not what you mean, then please explain _exactly_ what you mean.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"With sufficient thrust, pigs fly just fine. However, this is not
necessarily a good idea. It is hard to be sure where they are going
to land, and it could be dangerous sitting under them as they fly
overhead." -- RFC 1925
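
The memset()-after-use plus mlock() approach suggested in the reply, as an added example that is not part of the original message. `secret_buf`, `wipe_fn` and the `secret_*` helpers are hypothetical names, and the wipe goes through a volatile function pointer because a plain memset() issued just before memory is released can be removed by the optimizer as a dead store.

```c
#define _DEFAULT_SOURCE          /* glibc: expose MAP_ANON under strict -std= */
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Calling memset() through a volatile function pointer keeps the compiler
 * from deleting the wipe; explicit_bzero()/memset_s() do the same if present. */
static void *(*const volatile wipe_fn)(void *, int, size_t) = memset;

struct secret_buf { void *addr; size_t len; int locked; };  /* hypothetical */
/* Map whole anonymous pages and try to pin them in RAM (kept out of swap). */
int secret_alloc(struct secret_buf *b, size_t want)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    b->len = (want + pg - 1) / pg * pg;
    b->addr = mmap(NULL, b->len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANON, -1, 0);
    if (b->addr == MAP_FAILED)
        return -1;
    /* mlock() can fail under RLIMIT_MEMLOCK; the caller decides if that is fatal. */
    b->locked = (mlock(b->addr, b->len) == 0);
    return 0;
}

/* Zero the buffer, then re-read it; returns the number of non-zero bytes left. */
size_t secret_scrub(struct secret_buf *b)
{
    const volatile unsigned char *p = b->addr;
    size_t i, dirty = 0;
    wipe_fn(b->addr, 0, b->len);
    for (i = 0; i < b->len; i++)
        dirty += (p[i] != 0);
    return dirty;
}

/* Unlock and unmap; call only after secret_scrub(). */
int secret_release(struct secret_buf *b)
{
    if (b->locked) munlock(b->addr, b->len);
    return munmap(b->addr, b->len);
}

int main(void)
{
    struct secret_buf b;
    if (secret_alloc(&b, 32) != 0) return 1;
    memcpy(b.addr, "constructed-sample-key", 23);   /* constructed sample */
    return (secret_scrub(&b) == 0 && secret_release(&b) == 0) ? 0 : 1;
}
```

Locking and wiping whole pages, rather than a malloc() sub-range, keeps the secret from sharing a page with unrelated heap data that is never scrubbed.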