memory pages nulling when releasing
Dag-Erling Smørgrav
des at des.no
Sun Jun 18 20:41:30 UTC 2006
"Nick Borisov" <neiro21 at gmail.com> writes:
> Well, providing zeroed pages to processes is not quite similar to
> explicit cleaning of pages after use as some security standards
> demand. That's why I'm asking. The "Z" malloc option seems to be
> suitable but it's actually for debugging.
Which security standard requires that one part of a process protect
itself from another part of the same process?
malloc() operates entirely in userland and is entirely replacable;
there are plenty of malloc() implementations available both in ports
and other places.
If you're worried about authentication tokens and the like, our PAM
library and modules zero memory used to store authentication data when
it is released. So does OpenSSH.
If this does not satisfy you, you're going to have to quote the
relevant security standards, because it is not clear to me what you
want, and I get the feeling that you don't quite know yourself.
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the freebsd-security
mailing list