Password theft from memory?

C. P. Ghost cpghost at cordula.ws
Mon Apr 25 15:46:34 UTC 2011


On Mon, Apr 25, 2011 at 5:15 PM, Bob Hall <rjhjr0 at gmail.com> wrote:
> On Mon, Apr 25, 2011 at 03:18:46PM +0100, RW wrote:
>> I don't believe the heap is allocated zeroed pages.  The kernel
>> does allocate such pages to the BSS segment, but that's because it
>> holds zeroed data such as C static variables.
>
> According to McKusick and Neville-Neil's book on FreeBSD, sbrk extends
> the uninitialized data segment with zero-filled pages. Since malloc() is
> an interface to sbrk, it does the same thing.

True, except that malloc(3) now uses both sbrk(2) and mmap(2) allocators,
depending on the user-settable flags in /etc/malloc.conf, MALLOC_OPTIONS
and the global variable _malloc_options. So you have to look into mmap(2)
too.

-cpghost.

-- 
Cordula's Web. http://www.cordula.ws/


More information about the freebsd-questions mailing list