Date: Sun, 20 Apr 2014 22:00:37 +0100 From: RW <rwmaillists@googlemail.com> To: freebsd-security@freebsd.org Subject: Re: De Raadt + FBSD + OpenSSH + hole? Message-ID: <20140420220037.076be9d0@gumby.homeunix.com> In-Reply-To: <CADgEyUt1_BiTQhvjzS0%2Bot0hUVNSUMXM8qXki%2B6dZio%2BgWfZgg@mail.gmail.com> References: <534B11F0.9040400@paladin.bulgarpress.com> <201404141207.s3EC7IvT085450@chronos.org.uk> <201404141232.s3ECWFQ1081178@catnip.dyslexicfish.net> <53522186.9030207@FreeBSD.org> <201404200548.s3K5mV7N055244@catnip.dyslexicfish.net> <53540307.1070708@quietfountain.com> <201404201831.s3KIVCSY054778@catnip.dyslexicfish.net> <CADgEyUt1_BiTQhvjzS0%2Bot0hUVNSUMXM8qXki%2B6dZio%2BgWfZgg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 20 Apr 2014 15:00:28 -0400 Nathan Dorfman wrote: > On Sun, Apr 20, 2014 at 2:31 PM, Jamie Landeg-Jones > <jamie@dyslexicfish.net> wrote: > > Once memory has been freed, I thought any attempt by a user process > > to access it would cause a SIGSEV. > > > > I thought the issue was with programs that inadvertantly expose > > (either to read or write) other parts of their active memory. > > > > Of course, if a process rolls it's own in-process implementation > > of malloc/free, then this point is moot, but once you free memory > > back to the system, isn't in no longer accessable anyway? > > free() doesn't usually "free memory back to the system." It just puts > it back onto a "free list" managed by libc, entirely within the > process's address space. It can return the physical memory, but there are a couple of caveats. Firstly, it can only return whole pages. Secondly, it's not returned instantaneously to avoid the overhead of page-faults and zeroing pages if that region is remalloced. It's left to the page-daemon to recover the physical memory in its own time, and it remains readable by it's previous process until it's reassigned.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140420220037.076be9d0>