Password theft from memory?
C. P. Ghost
cpghost at cordula.ws
Tue Apr 26 14:23:13 UTC 2011
On Tue, Apr 26, 2011 at 11:41 AM, RW <rwmaillists at googlemail.com> wrote:
>> The above quote states that the memory not occupied by the remapped
>> object is zero filled. Which is to say that memory allocated by mmap()
>> is either filled with new data or filled with zeros.
>
> In context it says:
>
> "If len is not a multiple of the page-size, the mapped region may
> extend past the specified range. Any such extension beyond the
> end of the mapped object will be zero-filled."
>
> To me the most straightforward reading of that is that it's referring
> to non-aligned address ranges.
>
> Your interpretation may well be the intended one, but where would that
> leave the anonymous mappings used by malloc? Are we to think of them as
> extensions beyond a non-existent mapped object, and thus infer that they
> are zero-filled? It's a bit of a stretch from what's written.
While it's not a *proof*, you could always do a little bit of black box
testing.
1, So how about a little C program scanner.c that allocates a huge heap
via mmap(2)'s malloc(3) backend, and crawls that buffer, looking for
the first non-zero byte? If we always get zero-filled pages, you shouldn't
find any non-zero bytes there.
2. For good measure, another program filler.c could fill a huge heap with
a particular easily recognizable pattern (say something like 0xdeadbeef),
and exit; and then, scanner.c could not only check for non-zero byes, but
also for that particular pattern.
-cpghost.
--
Cordula's Web. http://www.cordula.ws/
More information about the freebsd-questions
mailing list