Date: Mon, 25 Apr 2011 23:29:08 +0100
From: RW <rwmaillists@googlemail.com>
To: freebsd-questions@freebsd.org
Subject: Re: Password theft from memory?
Message-ID: <20110425232908.4104e026@gumby.homeunix.com>
In-Reply-To: <20110425175420.GA61811@stainmore>
References: <BANLkTimJWAxW_4OmoeBQrvDDLjD-5Vr5hQ@mail.gmail.com> <BANLkTin_S%2BBRWu79AH16tPdgZd%2BUgZQAzQ@mail.gmail.com> <20110425151846.0a5359fd@gumby.homeunix.com> <20110425151536.GA61425@stainmore> <BANLkTinvvWhEy_A5ao=XWTpQOSTX0Vm2_A@mail.gmail.com> <20110425175420.GA61811@stainmore>
On Mon, 25 Apr 2011 13:54:20 -0400
Bob Hall <rjhjr0@gmail.com> wrote:

> On Mon, Apr 25, 2011 at 05:46:33PM +0200, C. P. Ghost wrote:
> > On Mon, Apr 25, 2011 at 5:15 PM, Bob Hall <rjhjr0@gmail.com> wrote:
> > > On Mon, Apr 25, 2011 at 03:18:46PM +0100, RW wrote:
> > >> I don't believe the heap is allocated zeroed pages. The kernel
> > >> does allocate such pages to the BSS segment, but that's because
> > >> it holds zeroed data such as C static variables.
> > >
> > > According to McKusick and Neville-Neil's book on FreeBSD, sbrk
> > > extends the uninitialized data segment with zero-filled pages.
> > > Since malloc() is an interface to sbrk, it does the same thing.
> >
> > True, except that malloc(3) now uses both sbrk(2) and mmap(2)
> > allocators, depending on the user-settable flags
> > in /etc/malloc.conf, MALLOC_OPTIONS and the global variable
> > _malloc_options. So you have to look into mmap(2) too.
>
> Good point. From the man page:
> "Any such extension beyond the end of the mapped object will be
> zero-filled."
> and
> "A successful mmap deletes any previous mapping in the allocated
> address range."

The above quote refers to zeroing the fraction of a page that's left
over when "len" isn't a multiple of the page size.

However, there's a comment in malloc.c about mmap'ed regions being
zeroed, so I guess they are, but it doesn't seem to be mentioned at
all in mmap(2).

The reason I thought that heap memory isn't zeroed is from the
discussion of pre-zeroed pages in this article:

http://www.freebsd.org/doc/en_US.ISO8859-1/articles/vm-design/prefault-optimizations.html

It reads as if the BSS region is the only significant user of zeroed
pages.
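
The two cases the message distinguishes, as an added example that is not part of the original e-mail: the zero-filled remainder of the last page in a file-backed mmap(2) whose "len" is not a multiple of the page size, and a freshly created anonymous mapping. The function names, the temporary file under /tmp and the sample bytes are constructed for illustration.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Return 1 if every byte in [p, p+n) is zero, else 0. */
static int all_zero(const unsigned char *p, size_t n) {
    for (size_t i = 0; i < n; i++) if (p[i]) return 0;
    return 1;
}

/* Case 1: file-backed mapping, len not a page multiple.
 * Returns 1 if the rest of the last page reads as zero, -1 on error. */
int file_tail_is_zero(void) {
    char path[] = "/tmp/zfillXXXXXX";          /* constructed temp file */
    const char data[] = "constructed-secret";  /* constructed sample bytes */
    size_t len = sizeof data - 1, page = (size_t)sysconf(_SC_PAGESIZE);
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);                              /* file vanishes on close */
    if (write(fd, data, len) != (ssize_t)len) { close(fd); return -1; }
    unsigned char *m = mmap(NULL, len, PROT_READ, MAP_PRIVATE, fd, 0);
    close(fd);
    if (m == MAP_FAILED) return -1;
    int ok = memcmp(m, data, len) == 0 && all_zero(m + len, page - len);
    munmap(m, len);
    return ok;
}

/* Case 2: anonymous mapping. Dirty it, unmap it, map again.
 * Returns 1 if the pages were zero both times, -1 on error. */
int anon_pages_are_zero(size_t npages) {
    size_t sz = npages * (size_t)sysconf(_SC_PAGESIZE);
    int ok = 1;
    for (int round = 0; round < 2; round++) {
        unsigned char *m = mmap(NULL, sz, PROT_READ | PROT_WRITE,
                                MAP_PRIVATE | MAP_ANON, -1, 0);
        if (m == MAP_FAILED) return -1;
        ok = ok && all_zero(m, sz);
        memset(m, 0xA5, sz);   /* leave non-zero data behind for round 2 */
        munmap(m, sz);
    }
    return ok;
}

int main(void) {
    printf("tail: %d anon: %d\n", file_tail_is_zero(), anon_pages_are_zero(4));
    return 0;
}
```
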