[TALK] Proving fundamental Unix guarantees
Grahame Bowland
grahame at ucs.uwa.edu.au
Mon Jun 30 17:01:09 EST 2003

On Mon, 2003-06-30 at 14:35, Steve Landers wrote:
> On Monday, June 30, 2003, at 02:28 PM, Peter Jeremy wrote:
>
> > The vendor has suggested that the
> > kernel passes memory to the application without initialising it and
> > therefore it is a bug in the application.
>
> Ask your vendor if this means their OS has an exploitable security flaw
> - that a malicious application could scan through uninitialised memory
> looking for private information from another process.
>
> I'd be interested to hear their reaction ;-)

Zeroing pages handed back from an application to the operating system
isn't something generally done. Apparently OpenBSD does do it, and
FreeBSD zeroes pages when there is system idle time. Linux has been
known to leak information through ICMP echo replies, so I doubt it does
zeroing on pages!

Paranoid applications should zero it themselves, and investigate the
various syscalls to prevent pages being swapped out to disk, although
that usually needs superuser privileges.

--
Grahame Bowland Email: grahame at ucs.uwa.edu.au
University Communications Services Phone: +61 8 9380 1175
The University of Western Australia Fax: +61 8 9380 1109
CRICOS: 00126G
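
The advice in the message above (zero the memory yourself, and use the locking syscalls to keep pages out of swap), as an added C example that is not part of the original post; the `secret_buf` type and the `secret_*` function names are hypothetical. `mlock()` can fail without privilege or above `RLIMIT_MEMLOCK`, so the outcome is recorded rather than treated as fatal.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1        /* exposes MAP_ANONYMOUS on glibc */
#endif
#include <stddef.h>
#include <sys/mman.h>

/* Hypothetical helper type: one private mapping holding a secret. */
typedef struct {
    unsigned char *ptr;   /* NULL if allocation failed */
    size_t len;
    int locked;           /* 1 if mlock() succeeded, 0 if pages may be swapped */
} secret_buf;

/* Map fresh pages and try to pin them in RAM. mlock() can fail without
   privilege or above RLIMIT_MEMLOCK; that is recorded, not fatal. */
secret_buf secret_alloc(size_t len) {
    secret_buf b = { NULL, 0, 0 };
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return b;
    b.ptr = p; b.len = len;
    b.locked = (mlock(p, len) == 0);
    return b;
}

/* Store through a volatile pointer so the compiler cannot drop the writes. */
void secret_wipe(secret_buf *b) {
    volatile unsigned char *v = b->ptr;
    for (size_t i = 0; i < b->len; i++)
        v[i] = 0;
}

/* Count non-zero bytes; used to check that the wipe really happened. */
size_t secret_nonzero(const secret_buf *b) {
    size_t n = 0;
    for (size_t i = 0; i < b->len; i++)
        n += (b->ptr[i] != 0);
    return n;
}

/* Wipe first, then unlock and hand the pages back to the kernel. */
int secret_release(secret_buf *b) {
    if (b->ptr == NULL) return -1;
    secret_wipe(b);
    if (b->locked) munlock(b->ptr, b->len);
    int rc = munmap(b->ptr, b->len);
    b->ptr = NULL; b->len = 0; b->locked = 0;
    return rc;
}
```

A caller that must not let the secret reach swap should check `locked` after `secret_alloc()` and decide whether to continue.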