Re: dynamic memory automatically zero'd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 08/07/2010 03:44 AM, Stefan Schulze Frielinghaus wrote:
> On Fr, 2010-08-06 at 09:37 -0700, Rick Stevens wrote:
>> On 08/06/2010 07:44 AM, Stefan Schulze Frielinghaus wrote:
>>> Hi all,
>>>
>>> if you allocate memory, e.g. via malloc(3), then it is automatically set
>>> to zero. This is actually a security feature quite common nowadays. I
>>> would like to know when this feature has made it into Fedora or in RHEL.
>>> Is this a mandatory feature of some security policy as e.g. the Common
>>> Criteria? I couldn't find much information about this. Therefore, any
>>> pointers, hints and so on are welcomed!
>>
>> calloc() is the call you want to make.  The ANSI standard makes no
>> guarantees about the contents of the memory you get with malloc().  In
>> fact, calloc() was created for that precise reason.
>
> No this is not what I meant. Of course if I want to make sure that the
> memory is zerod, then I will use calloc.
>
> I want to know if the question of my initial post is enforced by some
> security policy or if it is just common nowadays. If my mind does not
> play tricks on me, then this is enforced by eal4+ or something similar.
> But I couldn't find anything about this. Therefore, I asked here.
>
> Again: I know that I have to use calloc if I want to be sure that the
> memory is zerod. But this is not what I care about at the moment. I
> simple would like to know if the memory is zerod because of some
> security policy.

Pages newly allocated by the kernel will be zeroed.  They begin life as
a copy-on-write mmap() of /dev/zero.  Once you have used and freed
memory from those pages, however, that memory will not be re-zeroed.
If a subsequent malloc() happens to grab that same memory you will see
the old contents.  It will, however, be data written there by the
current process.

-- 
Bob Nichols     "NOSPAM" is really part of my email address.
                 Do NOT delete it.

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux