memory pages nulling when releasing
R. B. Riddick
arne_woerner at yahoo.com
Sun Jun 18 10:09:20 UTC 2006
--- Nick Borisov <neiro21 at gmail.com> wrote:
> Could you tell me if FreeBSD supports memory page nulling when
> releasing it to prevent unauthorized access to data left in the page
> after it's allocated again.
> If it does, what sys calls etc provide that?
> IMHO this is an important issue when operating data with different
> sensivity levels.
>
It is important, that no user process can look at non-shared (mmap(2) /
MAP_SHARED) pages in main memory that were used by another process before.
I think FreeBSD does it as follows (but I am not sure):
1. If a page is allocated for a process it is either overwritten with zeroes
(0x00) (e. g. in case of a page for the stack segment of a process) or it is
overwritten with the bytes of an executable or another file or so...
2. For maximum performance the system keeps a bunch of "pre-zero-ed" pages, so
that the OS is quite fast, when a process wants pages for data (malloc(3)) or
for stack.
Here is my "proof": :-)
% vmstat -s | grep zero
3840247 zero fill pages zeroed
844738 zero fill pages prezeroed
-Arne
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the freebsd-security
mailing list