Date: Tue, 20 Jun 2006 12:53:50 +1000 From: Nick Withers <nick@nickwithers.com> To: Dan Lukes <dan@obluda.cz> Cc: freebsd-security@freebsd.org Subject: Re: memory pages nulling when releasing Message-ID: <20060620125350.10d0c9ef.nick@nickwithers.com> In-Reply-To: <44967861.6070509@obluda.cz> References: <20060618203903.31161.qmail@web30306.mail.mud.yahoo.com> <44967861.6070509@obluda.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 19 Jun 2006 12:11:45 +0200 Dan Lukes <dan@obluda.cz> wrote: (snip) > To Nick: OS doesn't zero on free. FreeBSD does*, if the "J" flag is set in _malloc_options / MALLOC_OPTIONS, as per my original message (or at least, I believe this is the case, going by malloc(3)'s man page - please correct me if I'm wrong). * Alright, it doesn't zero, as such, but will (again, unless I've misunderstood the malloc(3) man page) initialise each byte to 0xd0 > For better security of your sensitive data you need zero the memory by > self. For inspiration I recommend to see the CRYPT_malloc/CRYPT_free > implementation in OpenSSL. Don't forget the edge situations also (when > your program can prematurely exits, you need the clean the key memory > on "atexit" or so). Good point, I hadn't thought of that! > You may need to avoid swapping of memory with sensitive data also - see > man mlock. > > But security knows no simple measures. You need think carefully about > your specific situation then decide what measures are appropriate. More > security measures may not cause more real security - it can have > opposite effect also. > > Dan > > > -- > Dan Lukes SISAL MFF UK > AKA: dan@obluda.cz, dan@freebsd.cz,dan@kolej.mff.cuni.cz -- Nick Withers email: nick@nickwithers.com Web: http://www.nickwithers.com Mobile: +61 414 397 446
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060620125350.10d0c9ef.nick>