Password theft from memory?

RW rwmaillists at
Mon Apr 25 14:18:55 UTC 2011

On Sun, 24 Apr 2011 19:53:41 +0200
"C. P. Ghost" <cpghost at> wrote:

> On Sun, Apr 24, 2011 at 7:10 PM, Modulok <modulok at> wrote:
> > I don't know if this is a problem on FreeBSD...
> >
> > Process A requests memory.
> > Process A Stores a plaintext password in memory or other sensitive
> > data. Process A terminates and the memory is reclaimed by kernel.
> >
> > Process B requests a *huge* chunk of memory.
> > Process B crawls the uninitialized memory, looking for ProcessA's
> > previously stored password.
> >
> > Does anyone know if this is even possible on FreeBSD?
> Please correct me if I'm wrong (I didn't check the sources), but...
> short answer: it shouldn't happen, because pages allocated to a new
> process are zero-filled by the kernel (lazily via zero-fill page
> faults when process B crawls the memory the first time).

I don't believe the heap is allocated zeroed pages.  The kernel
does allocate such pages to the BSS segment, but that's because it
holds zeroed data such as C static variables.

AFAIK it's the responsibly of the programmer to avoid  data leaking.
Passwords are commonly overwritten as soon as they no longer needed. I
think geli keeps persistent key information in kernel wired-memory. 

More information about the freebsd-questions mailing list