[TALK] Proving fundamental Unix guarantees

Grahame Bowland grahame at ucs.uwa.edu.au
Mon Jun 30 17:01:09 EST 2003


On Mon, 2003-06-30 at 14:35, Steve Landers wrote:
> On Monday, June 30, 2003, at 02:28  PM, Peter Jeremy wrote:
> 
> > The vendor has suggested that the
> > kernel passes memory to the application without initialising it and
> > therefore it is a bug in the application.
> 
> Ask your vendor if this means their OS has an exploitable security flaw 
> - that a malicious application could scan through uninitialised memory 
> looking for private information from another process.
> 
> I'd be interested to hear their reaction ;-)

Zeroing pages handed back from an application to the operating system
isn't something generally done. Apparently OpenBSD does do it, and
FreeBSD zeroes pages when there is system idle time. Linux has been
known to leak information through ICMP echo replies, so I doubt it does
zeroing on pages!

Paranoid applications should zero it themselves, and investigate the
various syscalls to prevent pages being swapped out to disk, although
that usually needs superuser privileges.

-- 
Grahame Bowland                       Email: grahame at ucs.uwa.edu.au
University Communications Services    Phone: +61 8 9380 1175
The University of Western Australia     Fax: +61 8 9380 1109
                                     CRICOS: 00126G
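
The advice in the last paragraph of the message above, as an added example that is not part of the original post: a buffer is pinned with mlock() where permitted, zeroed by the application, and only then handed back to the operating system. The names secure_wipe, secret_alloc and secret_roundtrip are hypothetical, and a refused mlock() is treated as non-fatal because, as the post notes, locking usually needs superuser privileges.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Zero n bytes through a volatile pointer so the compiler cannot drop the
 * stores as dead writes to memory that is about to be released. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Hypothetical helper: map whole pages and try to pin them in RAM.
 * *locked is 0 when mlock() is refused (privilege or RLIMIT_MEMLOCK). */
static void *secret_alloc(size_t len, int *locked)
{
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    *locked = (mlock(p, len) == 0);
    return p;
}

/* Use one page as a secret buffer, wipe it, check it, hand it back.
 * Returns 0 if every byte read back as zero before the unmap. */
int secret_roundtrip(int *locked)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *buf = secret_alloc(len, locked);
    if (buf == NULL)
        return -1;
    memset(buf, 'K', len);      /* constructed stand-in for key material */
    secure_wipe(buf, len);
    unsigned char dirty = 0;
    for (size_t i = 0; i < len; i++)
        dirty |= buf[i];
    munlock(buf, len);
    return (munmap(buf, len) == 0 && dirty == 0) ? 0 : -1;
}

int main(void)
{
    int locked = 0;
    int rc = secret_roundtrip(&locked);
    printf("wiped=%s locked=%s\n", rc == 0 ? "yes" : "no", locked ? "yes" : "no");
    return rc;
}
```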




