From: Dan Lukes
Date: Tue, 20 Jun 2006 17:05:48 +0200
To: freebsd-security@freebsd.org
Subject: Re: memory pages nulling when releasing
Message-ID: <44980ECC.5000607@obluda.cz>

Nick Withers wrote, On 06/20/06 04:53:
>> To Nick: OS doesn't zero on free.
>
> FreeBSD does*, if the "J" flag is set in _malloc_options /

You speak about what the libc does, not about the OS itself. I can write a program using brk/sbrk (other libc functions) to manage its memory. It sets the "end margin" of the program's data segment. I think it doesn't zero the end of the data segment before shrinking. But I need no libc to write a program at all ...

Well, if we want to speak about OS memory management we need to clarify what memory we speak of and what exactly we think of when saying "free of a memory".

> * Alright, it doesn't zero, as such, but will (again, unless
> I've misunderstood the malloc(3) man page) initialise each byte
> to 0xd0

2006/6/20, Nick Withers :
> There's "Z" malloc option that's used to initialise page with zeros
> instead of 0xd0

The difference between Z and J isn't only the fill value. Z applies to allocations of new memory (when imalloc() is called); J applies to changes in allocated block size (e.g. realloc) and to free. So 'Z' doesn't "zero on free" but "zero on alloc".

Well, things aren't as simple as Z implies J ...

BTW, neither Z nor J implies 'R', despite the text of the manual page.

Dan

-- 
Dan Lukes SISAL MFF UK
AKA: dan@obluda.cz, dan@freebsd.cz, dan@kolej.mff.cuni.cz
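
An added example, not part of the message above and not FreeBSD's malloc code: a one-slot model heap that shows when a freed secret is still readable under the semantics described in the thread ("J" fills with 0xd0 on free, "Z" zeroes on alloc), compared with the application scrubbing the buffer itself. All names (model_alloc, model_free, scrub, leak_state) are hypothetical, the secret is constructed, and realloc is not modelled.

```c
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE 64
#define JUNK 0xd0                    /* fill value quoted in the thread for "J" */

/* Static arena stands in for the heap so that "freed" bytes can be
   inspected without undefined behaviour. */
static unsigned char arena[ARENA_SIZE];
static int opt_junk;                 /* model of "J": fill on free  */
static int opt_zero;                 /* model of "Z": zero on alloc */

static void *model_alloc(size_t n)
{
    if (n > ARENA_SIZE) return NULL;
    if (opt_zero) memset(arena, 0, n);
    return arena;
}

static void model_free(void *p, size_t n)
{
    if (opt_junk) memset(p, JUNK, n);
}

/* Application-level scrub; volatile stores keep the compiler from
   dropping the writes as dead stores before the free. */
static void scrub(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* bit 0: secret still in memory right after free
   bit 1: secret readable through the next allocation */
int leak_state(int junk, int zero, int app_scrub)
{
    static const char secret[] = "constructed-secret";
    size_t n = sizeof secret;
    int state = 0;
    opt_junk = junk; opt_zero = zero;
    memset(arena, 0, ARENA_SIZE);
    char *p = model_alloc(n);
    memcpy(p, secret, n);
    if (app_scrub) scrub(p, n);
    model_free(p, n);
    if (memcmp(arena, secret, n) == 0) state |= 1;
    char *q = model_alloc(n);
    if (memcmp(q, secret, n) == 0) state |= 2;
    return state;
}

int main(void)
{
    printf("none=%d Z=%d J=%d scrub=%d\n", leak_state(0, 0, 0),
           leak_state(0, 1, 0), leak_state(1, 0, 0), leak_state(0, 0, 1));
    return 0;
}
```

In this model "Z" alone leaves the secret in memory between the free and the next allocation, which is the "zero on alloc" versus "zero on free" distinction drawn above.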