On Mon, 19 Jun 2006, Michael Opdenacker wrote:
Hello,
Would it make sense to implement a kernel option that would clear kernel
memory before freeing it (by kfree or free_page(s))?
Unless I'm missing something, uncleared memory previously used for kernel
allocations could later be recycled for user allocations, making it possible
for a user program to access sensitive driver data if it's lucky.
No sane operating system lets user-space have access to pages that haven't
been cleared.
Tough clearing memory should be efficient (thanks to the use of memset(),
optimized for each platform), there would of course be a significant
performance hit. However, this could be acceptable for systems with strong
security requirements...
A better way (and I believe the way Linux does it) is to map new pages to
the zero page, read-only. If the process attempts to write to the zero
page, we take a page fault and set up a new zeroed page, change the
mapping, and return control back to that process.
What do you think? If this idea makes sense, I'll be glad to help in
implementing it.
Thanks in advance,
Cheers,
Michael.
Thanks,
Chase
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
