Re: memory pages nulling when releasing

--- Nick Borisov <neiro21@xxxxxxxxx> wrote:
Well, providing zeroed pages to processes is not quite similar to
explicit cleaning of pages after use as some security standards
demand. That's why I'm asking. The "Z" malloc option seems to be
suitable but it's actually for debugging.

Since you would need
(aa) root access (for reading /dev/mem (or what would it be?))
and/or
(bb) physical access (for reading the content of powered off RAM)
to the system to read the content of used pages, it would not help, if those
pages are zero-ed after their use,
because:
(AA) User root has access to every or about every page in physical memory
(e. g. while the process uses it;
or after kernel-modification).
and
(BB) The one who has physical access has root access
(e.g. by altering the content of the harddisc).

Conclusion:
Instead of zero'ing pages immediately after the process does not need them
anymore, it would be much better, to keep the system safe (especially: security
relevant software patches; and (even more) physical safety)

Or maybe I missed something... :-)

-Arne


__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"