Re: Malloc -Z



On Wed, 27 Jul 2011 13:16:59 -0400
grarpamp wrote:

malloc(3) has never provided zeroed memory. If you need zeroed
memory in C, you either need to zero it yourself using memset(3),
or use calloc(3).

Or, in lieu, use -Z, presumably.

What would be prudent as a developer (and is the default in CURRENT
I believe) is to use J - it enforces the "memory from malloc(3) is
not guaranteed to be zeroed." by specifically setting it to
non-zero.

Hmm, well for debugging/fuzzing programs, Z or J could be useful.
As would new R(random), 5(0x55), a(0xaa), and f(0xff) variations.

But for security, it seems running with any of them set would be
wise or flat out required. No? As in the case where users are
untrusted (mischievous, but unable to gain root).

Because while your own shiny new program may zero on free, all
the other installed programs that handle 'sensitive' data may not.
And without using say, Z... any user could scrape the box. Right?

No. It's only freed memory from the same process that can be read.
Memory that's hung around in the heap long enough to to get reused.

Memory released from other processes is zeroed by the kernel before
it's mapped into the process's heap.
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"



Relevant Pages

  • Re: Problem only in release version!
    ... not executed in Release mode (I believe, but I also thought Debug ... initialized variables to zero, ... The Release version will not initialize anything 'naturally' ... >>the contents of the memory addresses they happen to get assigned to). ...
    (microsoft.public.dotnet.languages.vc)
  • Re: Malloc -Z
    ... you either need to zero it yourself using memset, ... No developer should ever assume that mallocreturns zeroed memory. ... similar with OpenSSL keys ought to zero out the password or private key ... buffers as soon as possible to avoid leaving plain-text passwords in memory. ...
    (FreeBSD-Security)
  • Re: Efficient zeroing
    ... If there's a dedicated way to zero memory quickly, ... real-world systems on which some system-specific code is significantly ... given specified constraints on buf? ...
    (comp.lang.c)
  • Re: How to pass vectors in gateway routine?
    ... %VAL, Ndata, Nspec) ... I should also mention a memory leak nit in the above code. ... of memory that is initialized to zero. ...
    (comp.soft-sys.matlab)
  • Re: Request for source code review of simple Ising model
    ... explicitly initialized the lattice memory with memset(). ... If a zero value is meaningful, then using memset is probably a good ... zeroing an array of char that's intended to store ...
    (comp.lang.c)