From owner-freebsd-security@FreeBSD.ORG Thu Sep 12 05:36:00 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id D61DA299 for ; Thu, 12 Sep 2013 05:36:00 +0000 (UTC) (envelope-from jmg@h2.funkthat.com) Received: from h2.funkthat.com (gate2.funkthat.com [208.87.223.18]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 9B7882121 for ; Thu, 12 Sep 2013 05:36:00 +0000 (UTC) Received: from h2.funkthat.com (localhost [127.0.0.1]) by h2.funkthat.com (8.14.3/8.14.3) with ESMTP id r8C5ZxrI090799 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 11 Sep 2013 22:35:59 -0700 (PDT) (envelope-from jmg@h2.funkthat.com) Received: (from jmg@localhost) by h2.funkthat.com (8.14.3/8.14.3/Submit) id r8C5ZxxH090798; Wed, 11 Sep 2013 22:35:59 -0700 (PDT) (envelope-from jmg) Date: Wed, 11 Sep 2013 22:35:59 -0700 From: John-Mark Gurney To: Jonathon Wright Subject: Re: FreeBSD Transient Memory problem? Message-ID: <20130912053559.GF68682@funkthat.com> Mail-Followup-To: Jonathon Wright , freebsd-security@freebsd.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.3i X-Operating-System: FreeBSD 7.2-RELEASE i386 X-PGP-Fingerprint: 54BA 873B 6515 3F10 9E88 9322 9CB1 8F74 6D3F A396 X-Files: The truth is out there X-URL: http://resnet.uoregon.edu/~gurney_j/ X-Resume: http://resnet.uoregon.edu/~gurney_j/resume.html X-to-the-FBI-CIA-and-NSA: HI! HOW YA DOIN? can i haz chizburger? X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.2 (h2.funkthat.com [127.0.0.1]); Wed, 11 Sep 2013 22:35:59 -0700 (PDT) Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Sep 2013 05:36:00 -0000 Jonathon Wright wrote this message on Wed, Sep 11, 2013 at 14:15 -1000: > I have posted this question (username-scryptkiddy) in the forums: > http://forums.freebsd.org/showthread.php?t=41875 > but was suggested to bring it here to the mailing list for discussion. > > Basically, FreeBSD 8.3 (64bit) is what we use in our shop. We were > inspected by a security team and they had issues with FreeBSD's memory > management. > > Namely the transient memory and object reuse areas of FreeBSD. They claimed > that FreeBSD did not have a Common Criteria (EAL1-4) evaluation completed, > and therefore was vulnerable to the Transient memory problem. Any system that uses malloc will have difficulties with this as most versions of free will not zero out the memory... You could make modifications to kernel malloc to always zero memory on free, and turn on the junk feature of jemalloc and that could possibly close this issue for them... > Our higher ups need some sort of documentation / testing that can be used > to counter this, since changing Operating Systems is not something we have > time / manpower to do, but might have too based on this supposed 'finding'. > > The post has all the details. Let me know I need to repost in this as well. I know that FreeBSD 4.7 and 4.9 has been EAL3 ceritfied. I worked for nCircle a number of years ago, and they got their products EAL3 cerified. Link: http://www.commoncriteriaportal.org:80/files/epfiles/nCircle%20CR%20v1.0.pdf It is possible someone else has received certification on a newer version, but I'm not aware of any at this time... -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not."