Re: memory pages nulling when releasing

On Mon, 19 Jun 2006 12:11:45 +0200
Dan Lukes <dan@obluda.cz> wrote:

(snip)

> 	To Nick: OS doesn't zero on free.

FreeBSD does*, if the "J" flag is set in _malloc_options /
MALLOC_OPTIONS, as per my original message (or at least, I
believe this is the case, going by malloc(3)'s man page -
please correct me if I'm wrong).

* Alright, it doesn't zero, as such, but will (again, unless
I've misunderstood the malloc(3) man page) initialise each byte
to 0xd0

> For better security of your sensitive data you need zero the memory by
> self. For inspiration I recommend to see the CRYPT_malloc/CRYPT_free
> implementation in OpenSSL. Don't forget the edge situations also (when
> your program can prematurely exits, you need the clean the key memory
> on "atexit" or so). 

Good point, I hadn't thought of that!

> You may need to avoid swapping of memory with sensitive data also - see
> man mlock.
> 
> 	But security knows no simple measures. You need think carefully about 
> your specific situation then decide what measures are appropriate. More 
> security measures may not cause more real security - it can have 
> opposite effect also.
> 
> 					Dan
> 
> 
> -- 
> Dan Lukes                                   SISAL MFF UK
> AKA: dan@obluda.cz, dan@freebsd.cz,dan@kolej.mff.cuni.cz
-- 
Nick Withers
email: nick@nickwithers.com
Web: http://www.nickwithers.com
Mobile: +61 414 397 446
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"