From: Bob Hall <rjhjr0@gmail.com>
To: RW
Cc: freebsd-questions@freebsd.org
Date: Mon, 25 Apr 2011 22:56:14 -0400
Subject: Re: Password theft from memory?
Message-ID: <20110426025614.GA62745@stainmore>
In-Reply-To: <20110425232908.4104e026@gumby.homeunix.com>

On Mon, Apr 25, 2011 at 11:29:08PM +0100, RW wrote:
> On Mon, 25 Apr 2011 13:54:20 -0400
> Bob Hall wrote:
>
> > On Mon, Apr 25, 2011 at 05:46:33PM +0200, C. P. Ghost wrote:
> > > On Mon, Apr 25, 2011 at 5:15 PM, Bob Hall wrote:
> > > > On Mon, Apr 25, 2011 at 03:18:46PM +0100, RW wrote:
> > > >> I don't believe the heap is allocated zeroed pages. The kernel
> > > >> does allocate such pages to the BSS segment, but that's because
> > > >> it holds zeroed data such as C static variables.
> > > >
> > > > According to McKusick and Neville-Neil's book on FreeBSD, sbrk
> > > > extends the uninitialized data segment with zero-filled pages.
> > > > Since malloc() is an interface to sbrk, it does the same thing.
> > >
> > > True, except that malloc(3) now uses both sbrk(2) and mmap(2)
> > > allocators, depending on the user-settable flags
> > > in /etc/malloc.conf, MALLOC_OPTIONS and the global variable
> > > _malloc_options. So you have to look into mmap(2) too.
> >
> > Good point. From the man page:
> > "Any such extension beyond the end of the mapped object will be
> > zero-filled."
> > and
> > "A successful mmap deletes any previous mapping in the allocated
> > address range."
>
> The above quote refers to zeroing the fraction of a page that's left
> over when "len" isn't a multiple of the page size.

The above quote states that the memory not occupied by the remapped
object is zero-filled, which is to say that memory allocated by mmap()
is either filled with new data or filled with zeros.

> However, there's a comment in malloc.c about mmap'ed regions being
> zeroed, so I guess they are, but it doesn't seem to be mentioned at
> all in mmap(2).

It is mentioned, in the first sentence I quoted.

> The reason I thought that heap memory isn't zeroed is from the
> discussion of pre-zeroed pages in this article:
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/articles/vm-design/prefault-optimizations.html
>
> It reads as if the BSS region is the only significant user of zeroed
> pages.

It appears to me to say that any virtual pages allocated to a process
are pre-zeroed, which would include the BSS segment.
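An added C example, not part of this thread or of FreeBSD's own code, that separates the two things the discussion runs together: pages the kernel hands to a process through mmap(2) arrive zero-filled, but a block that malloc recycles inside the process is not re-zeroed, so a password must be wiped before free(). The secret string, buffer size and helper names (fresh_anon_pages_are_zero, wipe, secret_survives_realloc) are constructed for this example.

```c
#define _DEFAULT_SOURCE          /* exposes MAP_ANONYMOUS on glibc */
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS 0x20       /* Linux value; FreeBSD always defines it */
#endif

/* Constructed sample secret; not taken from any real system. */
static const char SECRET[] = "constructed-sample-password";
#define BUF_LEN 128
#define OFFSET 32   /* stay clear of allocator metadata written on free() */

/* Returns 1 if every byte of a newly mmap'ed anonymous region is zero,
 * 0 otherwise, -1 on failure. This is the kernel side of the thread:
 * pages new to the process (BSS, sbrk or mmap) arrive zero-filled. */
int fresh_anon_pages_are_zero(size_t len) {
    unsigned char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    int zero = 1;
    for (size_t i = 0; i < len && zero; i++) zero = (p[i] == 0);
    munmap(p, len);
    return zero;
}

/* Zero a secret before releasing its memory. The volatile store stops the
 * compiler from dropping a "dead" write; explicit_bzero(3) does the same. */
void wipe(void *buf, size_t len) {
    volatile unsigned char *v = buf;
    while (len--) *v++ = 0;
}

/* Stores SECRET in a malloc'ed block, optionally wipes it, frees it, then
 * mallocs a same-sized block and looks for the secret. Kernel zeroing covers
 * only pages new to the process; blocks recycled by malloc are not re-zeroed,
 * so without the wipe it often survives. Returns 1 found, 0 not, -1 failure. */
int secret_survives_realloc(int do_wipe) {
    char *a = malloc(BUF_LEN);
    if (!a) return -1;
    memset(a, 0, BUF_LEN);
    memcpy(a + OFFSET, SECRET, sizeof SECRET);
    if (do_wipe) wipe(a, BUF_LEN);
    free(a);
    char *b = malloc(BUF_LEN);
    if (!b) return -1;
    int found = memcmp(b + OFFSET, SECRET, sizeof SECRET) == 0;
    free(b);
    return found;
}
```

Whether the un-wiped secret survives the free/malloc round trip depends on the allocator (jemalloc junk-filling, for instance, changes it); the wiped case comes back clean everywhere, which is the property worth relying on.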