From: RW <rwmaillists@googlemail.com>
To: freebsd-questions@freebsd.org
Date: Mon, 25 Apr 2011 23:29:08 +0100
Subject: Re: Password theft from memory?
Message-ID: <20110425232908.4104e026@gumby.homeunix.com>
In-Reply-To: <20110425175420.GA61811@stainmore>

On Mon, 25 Apr 2011 13:54:20 -0400 Bob Hall wrote:

> On Mon, Apr 25, 2011 at 05:46:33PM +0200, C. P. Ghost wrote:
> > On Mon, Apr 25, 2011 at 5:15 PM, Bob Hall wrote:
> > > On Mon, Apr 25, 2011 at 03:18:46PM +0100, RW wrote:
> > >> I don't believe the heap is allocated zeroed pages. The kernel
> > >> does allocate such pages to the BSS segment, but that's because
> > >> it holds zeroed data such as C static variables.
> > >
> > > According to McKusick and Neville-Neil's book on FreeBSD, sbrk
> > > extends the uninitialized data segment with zero-filled pages.
> > > Since malloc() is an interface to sbrk, it does the same thing.
> >
> > True, except that malloc(3) now uses both sbrk(2) and mmap(2)
> > allocators, depending on the user-settable flags
> > in /etc/malloc.conf, MALLOC_OPTIONS and the global variable
> > _malloc_options. So you have to look into mmap(2) too.
>
> Good point. From the man page:
> "Any such extension beyond the end of the mapped object will be
> zero-filled."
> and
> "A successful mmap deletes any previous mapping in the allocated
> address range."

The above quote refers to zeroing the fraction of a page that's left over
when "len" isn't a multiple of the page size. However, there's a comment in
malloc.c about mmap'ed regions being zeroed, so I guess they are, but it
doesn't seem to be mentioned at all in mmap(2).
The reason I thought that heap memory isn't zeroed is from the discussion of
pre-zeroed pages in this article:
http://www.freebsd.org/doc/en_US.ISO8859-1/articles/vm-design/prefault-optimizations.html
It reads as if the BSS region is the only significant user of zeroed pages.
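Added example, not part of the thread: a small C program that checks the two points above on whatever system it is built on. Fresh anonymous mmap(2) pages come zero-filled from the kernel, but memory recycled by malloc(3)/free(3) inside one process is not re-zeroed by the kernel, so a password left in a freed buffer can reappear in the next allocation of that size unless the program scrubs it first. The password string and buffer sizes are constructed values; the scrub helper is a generic volatile-memset idiom, not anything from FreeBSD's malloc.c.

```c
/* Constructed example: kernel-supplied mmap pages are zero-filled, but a
 * buffer recycled through malloc/free keeps its old contents unless the
 * program scrubs it before free(). Not code from the original thread. */
#define _GNU_SOURCE
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON       /* FreeBSD and older headers use MAP_ANON */
#endif

/* A volatile function pointer stops the compiler from deleting the
 * "dead" store that clears a buffer right before it is freed. */
static void *(*volatile secure_memset)(void *, int, size_t) = memset;

static void scrub(void *p, size_t n) { secure_memset(p, 0, n); }

/* 1 if a fresh anonymous mapping reads back as all zeros, 0 if not,
 * -1 if mmap failed. */
int fresh_mmap_is_zeroed(size_t len) {
    unsigned char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    int zeroed = 1;
    for (size_t i = 0; i < len; i++)
        if (p[i] != 0) { zeroed = 0; break; }
    munmap(p, len);
    return zeroed;
}

/* Put a password in a heap buffer, free it, malloc the same size again and
 * report whether the password is still readable (1) or gone (0), -1 on
 * allocation failure. With scrub_before_free=1 it is always gone; with 0
 * the answer depends on the allocator, which is exactly the problem. */
int password_survives_free(int scrub_before_free) {
    const char pw[] = "constructed-password-1234";  /* sample value */
    const size_t sz = 256, off = 64;  /* offset past any freelist metadata */
    char *buf = malloc(sz);
    if (!buf) return -1;
    memset(buf, 0, sz);
    memcpy(buf + off, pw, sizeof pw);
    if (scrub_before_free) scrub(buf, sz);
    free(buf);
    char *again = malloc(sz);         /* frequently the very same chunk */
    if (!again) return -1;
    int found = memcmp(again + off, pw, sizeof pw) == 0;
    scrub(again, sz);
    free(again);
    return found;
}
```

Call `password_survives_free(0)` on FreeBSD with and without the `J` (junk) option in MALLOC_OPTIONS to see the allocator's own scrubbing take effect; the kernel plays no part in that path.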