Password theft from memory?
RW
rwmaillists at googlemail.com
Mon Apr 25 22:29:14 UTC 2011
On Mon, 25 Apr 2011 13:54:20 -0400
Bob Hall <rjhjr0 at gmail.com> wrote:
> On Mon, Apr 25, 2011 at 05:46:33PM +0200, C. P. Ghost wrote:
> > On Mon, Apr 25, 2011 at 5:15 PM, Bob Hall <rjhjr0 at gmail.com> wrote:
> > > On Mon, Apr 25, 2011 at 03:18:46PM +0100, RW wrote:
> > >> I don't believe the heap is allocated zeroed pages. The kernel
> > >> does allocate such pages to the BSS segment, but that's because
> > >> it holds zeroed data such as C static variables.
> > >
> > > According to McKusick and Neville-Neil's book on FreeBSD, sbrk
> > > extends the uninitialized data segment with zero-filled pages.
> > > Since malloc() is an interface to sbrk, it does the same thing.
> >
> > True, except that malloc(3) now uses both sbrk(2) and mmap(2)
> > allocators, depending on the user-settable flags
> > in /etc/malloc.conf, MALLOC_OPTIONS and the global variable
> > _malloc_options. So you have to look into mmap(2) too.
>
> Good point. From the man page:
> "Any such extension beyond the end of the mapped object will be
> zero-filled."
> and
> "A successful mmap deletes any previous mapping in the allocated
> address range."

The above quote refers to zeroing the fraction of a page that's left
over when "len" isn't a multiple of the page size. However, there's a
comment in malloc.c about mmap'ed regions being zeroed, so I guess they
are, but it doesn't seem to be mentioned at all in mmap(2).

The reason I thought that heap memory isn't zeroed is from the
discussion of pre-zeroed pages in this article:

http://www.freebsd.org/doc/en_US.ISO8859-1/articles/vm-design/prefault-optimizations.html

It reads as if the BSS region is the only significant user of zeroed
pages.