How does Fedora clean its RAM..?
David Quigley
selinux at davequigley.com
Thu Nov 3 03:04:20 UTC 2011
On 11/02/2011 22:13, Chris Adams wrote:
> Once upon a time, Joel Rees <joel.rees at gmail.com> said:
>> On Wed, Nov 2, 2011 at 10:56 AM, Bruno Wolff III <bruno at wolff.to>
>> wrote:
>> > Unprivileged users don't have access to the previous contents of
>> ram allocated
>> > to their processes.
>>
>> You're sure about that? What evidence do you offer? Can you point to
>> auto-scrub code paths in all the library APIs for freeing memory?
>
> Read the kernel source.
>
>> > What is the threat model you are trying to guard against?
>>
>> Rather than merely imply that such threat models are beyond the
>> scope
>> of Fedora, wouldn't it be better to refer the OP to a wiki article
>> on
>> the subject, or to the dev list if there is no wiki article?
>
> Go read a book on Unix.
> --
> Chris Adams <cmadams at hiwaay.net>
> Systems and Network Administrator - HiWAAY Internet Services
> I don't speak for anybody but myself - that's enough trouble.
Chris is correct in saying read the kernel source. When a page is given
to userspace by the kernel it is given zeroed out. The reason you would
need to scrub memory is if you are reallocated a page of memory by the
malloc library and not the kernel. If a memory region is freed using
free and then subsequently malloced with another call it is possible for
malloc to give you memory that hasn't been scrubbed. If malloc needs a
new set of pages to meet your request the pages it will get from the
kernel will already be zeroed.
Dave
More information about the users
mailing list