How does Fedora clean its RAM..?

David Quigley selinux at
Thu Nov 3 03:04:20 UTC 2011

On 11/02/2011 22:13, Chris Adams wrote:
> Once upon a time, Joel Rees <joel.rees at> said:
>> On Wed, Nov 2, 2011 at 10:56 AM, Bruno Wolff III <bruno at> 
>> wrote:
>> > Unprivileged users don't have access to the previous contents of 
>> ram allocated
>> > to their processes.
>> You're sure about that? What evidence do you offer? Can you point to
>> auto-scrub code paths in all the library APIs for freeing memory?
> Read the kernel source.
>> > What is the threat model you are trying to guard against?
>> Rather than merely imply that such threat models are beyond the 
>> scope
>> of Fedora, wouldn't it be better to refer the OP to a wiki article 
>> on
>> the subject, or to the dev list if there is no wiki article?
> Go read a book on Unix.
> --
> Chris Adams <cmadams at>
> Systems and Network Administrator - HiWAAY Internet Services
> I don't speak for anybody but myself - that's enough trouble.

Chris is correct in saying read the kernel source. When a page is given 
to userspace by the kernel it is given zeroed out. The reason you would 
need to scrub memory is if you are reallocated a page of memory by the 
malloc library and not the kernel. If a memory region is freed using 
free and then subsequently malloced with another call it is possible for 
malloc to give you memory that hasn't been scrubbed. If malloc needs a 
new set of pages to meet your request the pages it will get from the 
kernel will already be zeroed.


More information about the users mailing list