From owner-freebsd-chat@FreeBSD.ORG Wed Apr 27 20:06:06 2011
From: Lowell Gilbert
To: Modulok
Cc: RW, freebsd-questions@freebsd.org, freebsd-chat@freebsd.org
Subject: Re: Password theft from memory?
Date: Wed, 27 Apr 2011 15:54:26 -0400
References: <20110425151846.0a5359fd@gumby.homeunix.com>
In-Reply-To: (modulok@gmail.com's message of "Wed, 27 Apr 2011 13:24:18 -0600")
Message-ID: <44aafblbbh.fsf@lowell-desk.lan>

Modulok writes:

>>> On Sun, Apr 24, 2011 at 7:10 PM, Modulok wrote:
>>> > I don't know if this is a problem on FreeBSD...
>>> >
>>> > Process A requests memory.
>>> > Process A stores a plaintext password in memory or other sensitive
>>> > data. Process A terminates and the memory is reclaimed by kernel.
>>> >
>>> > Process B requests a *huge* chunk of memory.
>>> > Process B crawls the uninitialized memory, looking for Process A's
>>> > previously stored password.
>>> >
>>> > Does anyone know if this is even possible on FreeBSD?
>
>> AFAIK it's the responsibility of the programmer to avoid data leaking.
>> Passwords are commonly overwritten as soon as they are no longer needed. I
>> think geli keeps persistent key information in kernel wired-memory.
>
> If you're writing in a language which has direct memory access you can easily
> overwrite sensitive regions of memory upon program exit. But what about higher
> level, dynamic languages where direct memory access is not available? For
> example, if I write a program in Python (or some other language) which
> processes plaintext passwords or credit card numbers, on a shared host, can
> that data be found in memory by another user's process designed to recognize
> such patterns in large allocations? (Patterns like SS numbers, credit cards,
> regions near strings like 'password' and so on.)
>
> I know that each process has its own private memory segment, but after a
> process exits, it no longer owns that memory. What happens to it? If it's not
> zeroed out by my process, and it doesn't turn into pixie food, and it's not
> zeroed out by malloc... it still exists somewhere.
>
> Maybe this would be best on hackers?

In my opinion, no, -chat would be better. This is a well established
area and all multi-user operating systems cover it in some way.

You are missing an important point that had been glossed over somewhat
in the earlier messages in this thread. In particular, you're missing
that an unprivileged process doesn't have direct access to real memory
addresses no matter what language it was written in. Languages that
support memory pointers have access to a "virtual" address space on
FreeBSD (and most other general-purpose operating systems of the last
decade or two), which does not give them access to the memory of other
processes.

When a process exits (and, indeed, "it no longer owns that memory"), the
real memory pages behind its virtual memory will be returned to the
kernel, which will zero out those pages before letting another process
reuse them. The details other people have been discussing have to do
with the fact that there is more than one mechanism through which pages
might get allocated to a process, but in all of those mechanisms, the
old data is obliterated first.

In practice, programmers used to Unix-ish systems may assume that their
memory allocations are always zero-filled. On embedded systems (and
other specialized environments, but I mostly deal with embedded systems
for routers), this may not be a good assumption. Even on a Unix system,
it's not necessarily a good assumption -- you won't get memory that was
written by a different process, but you may well get memory that was
released by your own process without being overwritten. Needless to
say, this isn't a security concern.

Be well.
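[Added example, not part of the original message or of any FreeBSD code: a small C program that checks the two behaviours described above, that pages newly mapped from the kernel arrive zero-filled, and that a block freed and re-allocated inside one process may still hold the old contents unless it is overwritten first, as the quoted reply says is commonly done with passwords. The names scrub, nonzero_in_fresh_pages, secret_survives_reuse, BUF_LEN and SECRET are made up for this example; the result of the no-scrub case depends on the allocator and optimizer.]

```c
#define _DEFAULT_SOURCE   /* exposes MAP_ANON on glibc; not needed on FreeBSD */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#define BUF_LEN 256
static const char SECRET[] = "constructed-sample-passphrase"; /* constructed value */

/* Zero through a volatile pointer so the stores survive as real writes before free(). */
static void scrub(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Map fresh anonymous pages from the kernel and count their non-zero bytes. */
long nonzero_in_fresh_pages(size_t len) {
    unsigned char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANON, -1, 0);
    if (p == MAP_FAILED) return -1;
    long n = 0;
    for (size_t i = 0; i < len; i++) n += (p[i] != 0);
    munmap(p, len);
    return n;
}

/* Put SECRET on the heap, optionally scrub, free, re-allocate, then search the new block. */
int secret_survives_reuse(int scrub_first) {
    char *a = malloc(BUF_LEN);
    if (!a) return -1;
    /* Offset 64: allocators often reuse the first bytes of a freed block for bookkeeping. */
    memcpy(a + 64, SECRET, sizeof SECRET);
    if (scrub_first) scrub(a, BUF_LEN);
    free(a);
    volatile char *b = malloc(BUF_LEN);   /* contents deliberately left uninitialized */
    if (!b) return -1;
    int found = 0;
    for (size_t i = 0; !found && i + sizeof SECRET <= BUF_LEN; i++) {
        size_t j = 0;
        while (j < sizeof SECRET - 1 && b[i + j] == SECRET[j]) j++;
        found = (j == sizeof SECRET - 1);
    }
    free((void *)b);
    return found;
}

int main(void) {
    printf("non-zero bytes in fresh pages: %ld\nvisible without scrub: %d\n"
           "visible after scrub: %d\n", nonzero_in_fresh_pages(1 << 20),
           secret_survives_reuse(0), secret_survives_reuse(1));
    return 0;
}
```

[On FreeBSD and glibc, explicit_bzero(3) does the same job as the scrub helper here.]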

From owner-freebsd-chat@FreeBSD.ORG Sat Apr 30 12:30:46 2011
From: "Singapore Citizen Mr. Teo En Ming (Zhang Enming)"
To: freebsd-chat@freebsd.org
Subject: Public Apology to Minister Mentor Lee Kuan Yew and Prime Minister Lee Hsien Loong, Singapore
Date: Sat, 30 Apr 2011 20:06:23 +0800
Message-ID: <4DBBFB3F.6060008@lavabit.com>

I was misconstrued as having insulted Minister Mentor Lee Kuan Yew. My
words were twisted and misinterpreted and I feel that there is a need to
explain myself and set the record straight.

[b]What really happened[/b]

It was sometime in Aug/Sep in the year 2009. The setting was in the
Tampines Central office of Asiasoft Online Pte Ltd. I was having a
***verbal*** conversation with Melvin Lee, my new I.T. department
manager, when he challenged me to complete an I.T. assignment within a
specified period of time. In response to his challenge, I replied in
Mandarin: "If I cannot complete the I.T. assignment within a specified
period of time, then Lee Kuan Yew is wang ba dan". I used to be fond of
using other people's names to "bet" with people but now no more. The
Minister Mentor's name came into my mind spontaneously and I used it to
"bet" with my I.T. department manager.

[b]Explanations[/b]

1. It was not my intention to insult the Minister Mentor at that time.
   Please note the use of the IF... THEN... statement in my verbal
   conversation.

2. I did not know wang ba dan [hanyu pinyin] means bastard at all until
   I consulted Goh Meng Seng much later.

I would like to apologize to the Minister Mentor and the Prime Minister
of Singapore if I have offended them in any way. I swear it was not my
intention to insult the Minister Mentor. Please forgive me for using
your name carelessly to "bet" with my former I.T. department manager.

Yours sincerely,

Singapore Citizen Mr. Teo En Ming (Zhang Enming) Dip BEng(Hons)
Alma Maters:
(1) Singapore Polytechnic
(2) National University of Singapore