Date:      Mon, 25 Apr 2011 22:56:14 -0400
From:      Bob Hall <rjhjr0@gmail.com>
To:        RW <rwmaillists@googlemail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Password theft from memory?
Message-ID:  <20110426025614.GA62745@stainmore>
In-Reply-To: <20110425232908.4104e026@gumby.homeunix.com>
References:  <BANLkTimJWAxW_4OmoeBQrvDDLjD-5Vr5hQ@mail.gmail.com> <BANLkTin_S+BRWu79AH16tPdgZd+UgZQAzQ@mail.gmail.com> <20110425151846.0a5359fd@gumby.homeunix.com> <20110425151536.GA61425@stainmore> <BANLkTinvvWhEy_A5ao=XWTpQOSTX0Vm2_A@mail.gmail.com> <20110425175420.GA61811@stainmore> <20110425232908.4104e026@gumby.homeunix.com>

On Mon, Apr 25, 2011 at 11:29:08PM +0100, RW wrote:
> On Mon, 25 Apr 2011 13:54:20 -0400
> Bob Hall <rjhjr0@gmail.com> wrote:
> 
> > On Mon, Apr 25, 2011 at 05:46:33PM +0200, C. P. Ghost wrote:
> > > On Mon, Apr 25, 2011 at 5:15 PM, Bob Hall <rjhjr0@gmail.com> wrote:
> > > > On Mon, Apr 25, 2011 at 03:18:46PM +0100, RW wrote:
> > > >> I don't believe the heap is allocated zeroed pages.  The kernel
> > > >> does allocate such pages to the BSS segment, but that's because
> > > >> it holds zeroed data such as C static variables.
> > > >
> > > > According to McKusick and Neville-Neil's book on FreeBSD, sbrk
> > > > extends the uninitialized data segment with zero-filled pages.
> > > > Since malloc() is an interface to sbrk, it does the same thing.
> > > 
> > > True, except that malloc(3) now uses both sbrk(2) and mmap(2)
> > > allocators, depending on the user-settable flags
> > > in /etc/malloc.conf, MALLOC_OPTIONS and the global variable
> > > _malloc_options. So you have to look into mmap(2) too.
> > 
> > Good point. From the man page:
> > "Any such extension beyond the end of the mapped object will be
> > zero-filled."
> > and
> > "A successful mmap deletes any previous mapping in the allocated
> > address range."
> 
> 
> The above quote refers to zeroing the fraction of a page that's left
> over when "len"  isn't a multiple of the page size.

The above quote states that the memory not occupied by the remapped
object is zero filled. Which is to say that memory allocated by mmap()
is either filled with new data or filled with zeros.

> However, there's a
> comment in malloc.c about mmap'ed regions being zeroed, so I guess they
> are, but it doesn't seem to be mentioned at all in mmap(2).
It is mentioned, in the first sentence I quoted.

> The reason I thought that heap memory isn't zeroed is from the
> discussion of pre-zeroed pages in this article: 
> 
> http://www.freebsd.org/doc/en_US.ISO8859-1/articles/vm-design/prefault-optimizations.html
> 
> It reads as if the BSS region is the only significant user of zeroed
> pages.

It appears to me to say that any virtual pages allocated to a process
are pre-zeroed, which would include the BSS segment.
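The thread turns on two different questions that are easy to conflate: whether pages the kernel hands a process (via sbrk or an anonymous mmap) arrive zero-filled, and whether memory that malloc() recycles inside one process is ever zeroed. The small C program below is an added example, not code from the thread or from FreeBSD's libc; it checks the first point directly with mmap(MAP_ANONYMOUS), then shows the second by writing a constructed marker string into a malloc'ed buffer, freeing it, allocating the same size again and counting how many intact copies of the marker are still there. The marker string, buffer size and the assumption that the allocator hands back the just-freed chunk are all constructed for the demo; the "no wipe" count is allocator-dependent (glibc overwrites the first 16 bytes of a freed chunk with bookkeeping, jemalloc may junk-fill in debug builds), while the wiped variant always yields zero copies.

```c
/* Added example (not from the thread): kernel zero-fill vs. in-process reuse.
 * (1) A fresh anonymous mapping cannot leak another process's data: the
 *     kernel zero-fills it.
 * (2) A chunk recycled by malloc()/free() inside the same process is not
 *     touched by the kernel at all, so a password left in a freed buffer can
 *     resurface in a later allocation unless the program wipes it first.
 * Marker string and buffer size are constructed for this demo. */
#define _DEFAULT_SOURCE 1
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

#define BUF_LEN 256u
static const char MARKER[] = "hunter2-constructed-demo-secret"; /* constructed */

/* Returns 1 if every byte of a fresh anonymous mapping of len bytes is zero,
 * 0 if any byte is non-zero, -1 if mmap() fails. */
int fresh_mmap_is_zero(size_t len)
{
    unsigned char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    int all_zero = 1;
    for (size_t i = 0; i < len; i++)
        if (p[i] != 0) { all_zero = 0; break; }
    munmap(p, len);
    return all_zero;
}

/* Store through a volatile pointer so the compiler cannot discard the writes
 * as dead stores merely because the buffer is freed right afterwards. */
static void volatile_fill(unsigned char *buf, size_t len)
{
    const size_t mlen = sizeof MARKER - 1;
    volatile unsigned char *v = buf;
    for (size_t i = 0; i < len; i++)
        v[i] = (unsigned char)MARKER[i % mlen];
}

/* Secure wipe that the optimiser cannot remove. FreeBSD and glibc ship
 * explicit_bzero(3) for exactly this; it is open-coded here for portability. */
static void secure_wipe(unsigned char *buf, size_t len)
{
    volatile unsigned char *v = buf;
    for (size_t i = 0; i < len; i++)
        v[i] = 0;
}

/* Count intact, non-overlapping copies of MARKER inside buf. */
static int count_marker_copies(const unsigned char *buf, size_t len)
{
    const size_t mlen = sizeof MARKER - 1;
    int copies = 0;
    for (size_t i = 0; i + mlen <= len; i++)
        if (memcmp(buf + i, MARKER, mlen) == 0) { copies++; i += mlen - 1; }
    return copies;
}

/* Fill a malloc'ed buffer with the marker, optionally wipe it, free it, then
 * allocate the same size again and report how many marker copies survive in
 * the new chunk. Returns -1 on allocation failure. */
int leftover_marker_copies(int wipe_before_free)
{
    unsigned char *first = malloc(BUF_LEN);
    if (first == NULL)
        return -1;
    volatile_fill(first, BUF_LEN);          /* 8 full copies fit in 256 bytes */
    if (wipe_before_free)
        secure_wipe(first, BUF_LEN);
    free(first);

    /* Same size request: most allocators hand back the chunk just freed. */
    unsigned char *second = malloc(BUF_LEN);
    if (second == NULL)
        return -1;
    int copies = count_marker_copies(second, BUF_LEN);
    free(second);
    return copies;
}

int main(void)
{
    printf("fresh MAP_ANONYMOUS page all zero:          %d\n", fresh_mmap_is_zero(4096));
    printf("marker copies in reused chunk, no wipe:     %d\n", leftover_marker_copies(0));
    printf("marker copies in reused chunk, wiped first: %d\n", leftover_marker_copies(1));
    return 0;
}
```

The practical takeaway for the "password theft from memory" question is that the kernel's zero-fill only separates processes from each other; within a process, a secret sits in freed heap memory until something overwrites it, so the defensive habit is to scrub buffers that held credentials (explicit_bzero(3) on FreeBSD) before free(), as the wiped variant above does.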