memory pages nulling when releasing
Nick Withers
nick at nickwithers.com
Tue Jun 20 02:54:00 UTC 2006
On Mon, 19 Jun 2006 12:11:45 +0200
Dan Lukes <dan at obluda.cz> wrote:
(snip)
> To Nick: OS doesn't zero on free.
FreeBSD does*, if the "J" flag is set in _malloc_options /
MALLOC_OPTIONS, as per my original message (or at least, I
believe this is the case, going by malloc(3)'s man page -
please correct me if I'm wrong).
* Alright, it doesn't zero, as such, but will (again, unless
I've misunderstood the malloc(3) man page) initialise each byte
to 0xd0
> For better security of your sensitive data you need zero the memory by
> self. For inspiration I recommend to see the CRYPT_malloc/CRYPT_free
> implementation in OpenSSL. Don't forget the edge situations also (when
> your program can prematurely exits, you need the clean the key memory
> on "atexit" or so).
Good point, I hadn't thought of that!
> You may need to avoid swapping of memory with sensitive data also - see
> man mlock.
>
> But security knows no simple measures. You need think carefully about
> your specific situation then decide what measures are appropriate. More
> security measures may not cause more real security - it can have
> opposite effect also.
>
> Dan
>
>
> --
> Dan Lukes SISAL MFF UK
> AKA: dan at obluda.cz, dan at freebsd.cz,dan at kolej.mff.cuni.cz
--
Nick Withers
email: nick at nickwithers.com
Web: http://www.nickwithers.com
Mobile: +61 414 397 446
More information about the freebsd-security
mailing list