misc/124410: malloc exposes previously free'd memory
rene.schickbauer at magnapowertrain.com
Mon Jun 9 09:40:06 UTC 2008
The following reply was made to PR misc/124410; it has been noted by GNATS.
From: rene.schickbauer at magnapowertrain.com
To: bug-followup at FreeBSD.org, rene.schickbauer at magnapowertrain.com
Cc:
Subject: Re: misc/124410: malloc exposes previously free'd memory
Date: Mon, 9 Jun 2008 11:08:13 +0200
I forgot to mention:
Yes, I know, there is an option for malloc() to automatically initialize
memory to "0".
But this doesn't look like it's enough:
For one thing, it looks like the user may override the global setting (is
unsetting an option possible?). According to the man-page, the memset() (if
the option is set) is done in malloc() instead of directly in the kernel, and
realloc() and reallocf() are not covered at all.
Also, free()ing memory should wipe it for security reasons, for example it
may help against the "RAM freezing hacks", in cases where the application
has already free()'d but not malloc()'d security relevant data; see also
<http://www.hackaday.com/2008/02/21/breaking-disk-encryption-with-ram-dumps/>
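
The following is an added example, not part of the original message and not FreeBSD's malloc code: an application-level wrapper that wipes a block before it is freed and also covers the realloc() case raised above. The names smalloc, sfree, srealloc, ssize and wipe are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Header stored in front of each block so the wrapper knows how much to
 * wipe. The union pads it so the user pointer stays suitably aligned. */
typedef union { size_t size; max_align_t align; } hdr_t;

/* Zero through a volatile pointer so the compiler cannot drop the stores
 * as "dead" just because the buffer is about to be freed. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

void *smalloc(size_t n) {
    if (n > SIZE_MAX - sizeof(hdr_t)) return NULL;   /* size overflow */
    hdr_t *h = malloc(sizeof(hdr_t) + n);
    if (!h) return NULL;
    h->size = n;
    return h + 1;
}

/* Size recorded for a block returned by smalloc()/srealloc(). */
size_t ssize(const void *p) { return p ? ((const hdr_t *)p - 1)->size : 0; }

void sfree(void *p) {
    if (!p) return;
    hdr_t *h = (hdr_t *)p - 1;
    wipe(h, sizeof(hdr_t) + h->size);   /* wipe header and contents */
    free(h);
}

/* Never calls realloc(): the libc may move the block and release the old
 * copy unwiped. Allocate, copy, then wipe-and-free the old block. */
void *srealloc(void *p, size_t n) {
    void *q = smalloc(n);
    if (!q) return NULL;        /* like realloc(), the old block stays valid */
    if (p) {
        size_t old = ssize(p);
        memcpy(q, p, old < n ? old : n);
        sfree(p);
    }
    return q;
}
```

This only covers memory that goes through the wrapper; copies the program made elsewhere (stack buffers, stdio buffers, swapped pages) are not touched by it.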