From owner-freebsd-questions@FreeBSD.ORG  Sun Apr 24 18:17:07 2011
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 818F7106564A
	for <freebsd-questions@freebsd.org>;
	Sun, 24 Apr 2011 18:17:07 +0000 (UTC)
	(envelope-from cpghost@cordula.ws)
Received: from mail-vw0-f54.google.com (mail-vw0-f54.google.com
	[209.85.212.54])
	by mx1.freebsd.org (Postfix) with ESMTP id 4646C8FC14
	for <freebsd-questions@freebsd.org>;
	Sun, 24 Apr 2011 18:17:06 +0000 (UTC)
Received: by vws18 with SMTP id 18so1896522vws.13
	for <freebsd-questions@freebsd.org>;
	Sun, 24 Apr 2011 11:17:06 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.92.45 with SMTP id cj13mr4949995vdb.105.1303667621600; Sun,
	24 Apr 2011 10:53:41 -0700 (PDT)
Received: by 10.52.163.39 with HTTP; Sun, 24 Apr 2011 10:53:41 -0700 (PDT)
X-Originating-IP: [93.221.190.223]
In-Reply-To: <BANLkTimJWAxW_4OmoeBQrvDDLjD-5Vr5hQ@mail.gmail.com>
References: <BANLkTimJWAxW_4OmoeBQrvDDLjD-5Vr5hQ@mail.gmail.com>
Date: Sun, 24 Apr 2011 19:53:41 +0200
Message-ID: <BANLkTin_S+BRWu79AH16tPdgZd+UgZQAzQ@mail.gmail.com>
From: "C. P. Ghost" <cpghost@cordula.ws>
To: Modulok <modulok@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: freebsd-questions@freebsd.org
Subject: Re: Password theft from memory?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Apr 2011 18:17:07 -0000

On Sun, Apr 24, 2011 at 7:10 PM, Modulok <modulok@gmail.com> wrote:
> I don't know if this is a problem on FreeBSD...
>
> Process A requests memory.
> Process A Stores a plaintext password in memory or other sensitive data.
> Process A terminates and the memory is reclaimed by kernel.
>
> Process B requests a *huge* chunk of memory.
> Process B crawls the uninitialized memory, looking for ProcessA's previously
> stored password.
>
> Does anyone know if this is even possible on FreeBSD?

Please correct me if I'm wrong (I didn't check the sources), but...

short answer: it shouldn't happen, because pages allocated to a new process
are zero-filled by the kernel (lazily via zero-fill page faults when
process B crawls
the memory the first time).

On the other hand, I'm not sure if the pass phrase would be visible
via /dev/kmem
before those pages are actually zero-filled by the new process. Must check the
source for exit(2).

> Thanks!
> -Modulok-

-cpghost.

-- 
Cordula's Web. http://www.cordula.ws/