Re: memory pages nulling when releasing
--- Nick Borisov <neiro21@gmail.com> wrote:
> Could you tell me if FreeBSD supports memory page nulling when
> releasing it to prevent unauthorized access to data left in the page
> after it's allocated again.
> If it does, what sys calls etc provide that?
> IMHO this is an important issue when operating data with different
> sensitivity levels.
>
It is important that no user process can look at non-shared (mmap(2) /
MAP_SHARED) pages in main memory that were used by another process before.
I think FreeBSD does it as follows (but I am not sure):
1. If a page is allocated for a process, it is either overwritten with zeroes
(0x00) (e.g. in case of a page for the stack segment of a process) or it is
overwritten with the bytes of an executable or another file or so...
2. For maximum performance the system keeps a bunch of "pre-zeroed" pages, so
that the OS is quite fast when a process wants pages for data (malloc(3)) or
for stack.
Here is my "proof": :-)
% vmstat -s | grep zero
3840247 zero fill pages zeroed
844738 zero fill pages prezeroed
-Arne
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
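The zero-fill behaviour described in the message above can be checked from user space. The following C program is an added example, not part of the original thread: it repeatedly maps anonymous private pages, counts any non-zero bytes in the fresh mapping, fills the pages with a marker and releases them. The function name `stale_bytes_after_remap` and the 0xA5 marker are constructed for this illustration.

```c
#define _DEFAULT_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANON
#define MAP_ANON MAP_ANONYMOUS
#endif

/* Count the non-zero bytes in a buffer. */
static size_t count_nonzero(const unsigned char *p, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (p[i] != 0)
            n++;
    return n;
}

/* Map `pages` anonymous pages `rounds` times. Each fresh mapping is scanned
 * before use, then filled with a marker and released, so every round after
 * the first inspects memory obtained right after marked pages were freed.
 * Returns the total number of non-zero bytes seen, or -1 on error. */
long stale_bytes_after_remap(size_t pages, int rounds)
{
    long pagesz = sysconf(_SC_PAGESIZE);
    if (pagesz <= 0 || pages == 0 || rounds <= 0)
        return -1;
    size_t len = pages * (size_t)pagesz;
    long stale = 0;
    for (int r = 0; r < rounds; r++) {
        unsigned char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                                MAP_ANON | MAP_PRIVATE, -1, 0);
        if (p == MAP_FAILED)
            return -1;
        stale += (long)count_nonzero(p, len); /* expected: nothing left over */
        memset(p, 0xA5, len);                 /* constructed "sensitive" marker */
        if (munmap(p, len) != 0)
            return -1;
    }
    return stale;
}

int main(void)
{
    printf("stale bytes: %ld\n", stale_bytes_after_remap(64, 8));
    return 0;
}
```

This only covers pages handed out by the kernel. Memory returned by free(3) and reused by malloc(3) inside the same process is not zeroed by the allocator by default, so data that must not linger should be cleared before it is freed.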