08-06-2010, 02:44 PM
Stefan Schulze Frielinghaus

dynamic memory automatically zero'd

Hi all,

if you allocate memory, e.g. via malloc(3), then it is automatically set
to zero. This is actually a security feature quite common nowadays. I
would like to know when this feature has made it into Fedora or in RHEL.
Is this a mandatory feature of some security policy as e.g. the Common
Criteria? I couldn't find much information about this. Therefore, any
pointers, hints and so on are welcomed!

Regards,
Stefan

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
08-06-2010, 03:07 PM
Alan Evans

dynamic memory automatically zero'd

On Fri, Aug 6, 2010 at 7:44 AM, Stefan Schulze Frielinghaus wrote:
> if you allocate memory, e.g. via malloc(3), then it is automatically set
> to zero. This is actually a security feature quite common nowadays. I
> would like to know when this feature has made it into Fedora or in RHEL.
> Is this a mandatory feature of some security policy as e.g. the Common
> Criteria? I couldn't find much information about this. Therefore, any
> pointers, hints and so on are welcomed!

man malloc: use calloc() instead of malloc() if you want the allocated
memory to be zeroed.
 
08-06-2010, 04:37 PM
Rick Stevens

dynamic memory automatically zero'd

On 08/06/2010 07:44 AM, Stefan Schulze Frielinghaus wrote:
> Hi all,
>
> if you allocate memory, e.g. via malloc(3), then it is automatically set
> to zero. This is actually a security feature quite common nowadays. I
> would like to know when this feature has made it into Fedora or in RHEL.
> Is this a mandatory feature of some security policy as e.g. the Common
> Criteria? I couldn't find much information about this. Therefore, any
> pointers, hints and so on are welcomed!

calloc() is the call you want to make. The ANSI standard makes no
guarantees about the contents of the memory you get with malloc(). In
fact, calloc() was created for that precise reason.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, C2 Hosting ricks@nerd.com -
- AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -
- -
- There are only 10 kinds of people in the world -- those who -
- understand binary and those who don't -
----------------------------------------------------------------------
 
08-07-2010, 08:44 AM
Stefan Schulze Frielinghaus

dynamic memory automatically zero'd

On Fri, 2010-08-06 at 09:37 -0700, Rick Stevens wrote:
> On 08/06/2010 07:44 AM, Stefan Schulze Frielinghaus wrote:
> > Hi all,
> >
> > if you allocate memory, e.g. via malloc(3), then it is automatically set
> > to zero. This is actually a security feature quite common nowadays. I
> > would like to know when this feature has made it into Fedora or in RHEL.
> > Is this a mandatory feature of some security policy as e.g. the Common
> > Criteria? I couldn't find much information about this. Therefore, any
> > pointers, hints and so on are welcomed!
>
> calloc() is the call you want to make. The ANSI standard makes no
> guarantees about the contents of the memory you get with malloc(). In
> fact, calloc() was created for that precise reason.

No, this is not what I meant. Of course if I want to make sure that the
memory is zeroed, then I will use calloc.

I want to know if the question of my initial post is enforced by some
security policy or if it is just common nowadays. If my mind does not
play tricks on me, then this is enforced by EAL4+ or something similar.
But I couldn't find anything about this. Therefore, I asked here.

Again: I know that I have to use calloc if I want to be sure that the
memory is zeroed. But this is not what I care about at the moment. I
simply would like to know if the memory is zeroed because of some
security policy.

Regards,
Stefan

 
08-07-2010, 01:59 PM
Robert Nichols

dynamic memory automatically zero'd

On 08/07/2010 03:44 AM, Stefan Schulze Frielinghaus wrote:
> On Fri, 2010-08-06 at 09:37 -0700, Rick Stevens wrote:
>> On 08/06/2010 07:44 AM, Stefan Schulze Frielinghaus wrote:
>>> Hi all,
>>>
>>> if you allocate memory, e.g. via malloc(3), then it is automatically set
>>> to zero. This is actually a security feature quite common nowadays. I
>>> would like to know when this feature has made it into Fedora or in RHEL.
>>> Is this a mandatory feature of some security policy as e.g. the Common
>>> Criteria? I couldn't find much information about this. Therefore, any
>>> pointers, hints and so on are welcomed!
>>
>> calloc() is the call you want to make. The ANSI standard makes no
>> guarantees about the contents of the memory you get with malloc(). In
>> fact, calloc() was created for that precise reason.
>
> No, this is not what I meant. Of course if I want to make sure that the
> memory is zeroed, then I will use calloc.
>
> I want to know if the question of my initial post is enforced by some
> security policy or if it is just common nowadays. If my mind does not
> play tricks on me, then this is enforced by EAL4+ or something similar.
> But I couldn't find anything about this. Therefore, I asked here.
>
> Again: I know that I have to use calloc if I want to be sure that the
> memory is zeroed. But this is not what I care about at the moment. I
> simply would like to know if the memory is zeroed because of some
> security policy.

Pages newly allocated by the kernel will be zeroed. They begin life as
a copy-on-write mmap() of /dev/zero. Once you have used and freed
memory from those pages, however, that memory will not be re-zeroed.
If a subsequent malloc() happens to grab that same memory you will see
the old contents. It will, however, be data written there by the
current process.

--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.

 
08-07-2010, 04:43 PM
Ulrich Drepper

dynamic memory automatically zero'd

On 08/07/2010 06:59 AM, Robert Nichols wrote:
> Pages newly allocated by the kernel will be zeroed. They begin life as
> a copy-on-write mmap() of /dev/zero.

Mostly true although /dev/zero hasn't played a role in this for many
years now.

Anonymous memory returned by mmap must be cleared. Memory provided by
sbrk can be cleared and it is on Linux.

This is all rather problematic nowadays since it means many unnecessary
memory operations, in general. There have been lots of talks about
relaxing the rules for sbrk and adding an mmap flag to avoid the
clearing. This can easily be accommodated in the userlevel
implementation and lead to big improvements.



> Once you have used and freed
> memory from those pages, however, that memory will not be re-zeroed.

It's only guaranteed to be cleared upon reuse, not directly after they
are freed.


> If a subsequent malloc() happens to grab that same memory you will see
> the old contents. It will, however, be data written there by the
> current process.

Perhaps a bit strong: no memory freed with free() must be assumed to be
cleared. Only when the memory is returned to the kernel will it before
the next use be cleared. Everything else would be a big performance issue.

You can see it yourself by using MALLOC_PERTURB_. It's really a
debugging tool to find call sites which depend on malloc clearing memory
and use memory after freeing. But obviously it's also useful for
scrubbing memory.

--
➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖
 
08-08-2010, 03:09 AM
Gregory Hosler

dynamic memory automatically zero'd

On 08/08/2010 12:43 AM, Ulrich Drepper wrote:
> On 08/07/2010 06:59 AM, Robert Nichols wrote:
>> Pages newly allocated by the kernel will be zeroed. They begin life as
>> a copy-on-write mmap() of /dev/zero.
>
> Mostly true although /dev/zero hasn't played a role in this for many
> years now.
>
> Anonymous memory returned by mmap must be cleared. Memory provided by
> sbrk can be cleared and it is on Linux.
>
> This is all rather problematic nowadays since it means many unnecessary
> memory operations, in general. There have been lots of talks about
> relaxing the rules for sbrk and adding an mmap flag to avoid the
> clearing. This can easily be accommodated in the userlevel
> implementation and lead to big improvements.
>
>
>
>> Once you have used and freed
>> memory from those pages, however, that memory will not be re-zeroed.
>
> It's only guaranteed to be cleared upon reuse, not directly after they
> are freed.
>
>
>> If a subsequent malloc() happens to grab that same memory you will see
>> the old contents. It will, however, be data written there by the
>> current process.
>
> Perhaps a bit strong: no memory freed with free() must be assumed to be
> cleared. Only when the memory is returned to the kernel will it before
> the next use be cleared.

It is probably worth mentioning that in general free() does *NOT* return memory
back to the kernel.

So, in general, freeing and then malloc() -- if malloc() happens to choose memory
previously used by the application, and free'd, then the newly malloc'd memory
would have the previous contents.

-Greg

> Everything else would be a big performance issue.
>
> You can see it yourself by using MALLOC_PERTURB_. It's really a
> debugging tool to find call sites which depend on malloc clearing memory
> and use memory after freeing. But obviously it's also useful for
> scrubbing memory.
>

--
+---------------------------------------------------------------------+

Please also check the log file at "/dev/null" for additional information.
(from /var/log/Xorg.setup.log)

| Greg Hosler ghosler@redhat.com |
+---------------------------------------------------------------------+
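
The reuse behaviour discussed in the two messages above, as an added example that is not code from the thread: a block released with free() and handed out again by malloc() can still hold the process's earlier data unless the caller overwrites it before freeing. BLOCK, SKIP, MARKER, fill and stale_after_reuse are names made up for this sketch, and SKIP assumes the allocator overwrites at most the first 32 bytes of a freed block with its own bookkeeping; on a typical glibc build the first call reports a non-zero count.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define BLOCK  256   /* constructed block size */
#define SKIP   32    /* assumed upper bound on allocator bookkeeping in a freed block */
#define MARKER 0xA5  /* constructed byte standing in for sensitive data */

/* Volatile stores cannot be discarded as dead writes ahead of free(). */
static void fill(void *p, unsigned char v)
{
    volatile unsigned char *b = p;
    for (size_t i = 0; i < BLOCK; i++)
        b[i] = v;
}

/*
 * Write MARKER into a block, optionally scrub it, free it, then malloc() the
 * same size again. Returns the number of MARKER bytes still readable in the
 * new block, or -1 if the allocator did not return the same address.
 */
long stale_after_reuse(int scrub)
{
    unsigned char *first = malloc(BLOCK);
    if (first == NULL) return -1;
    uintptr_t addr = (uintptr_t)first;   /* remember the address before free() */
    fill(first, MARKER);
    if (scrub)
        fill(first, 0);                  /* the caller's own scrub */
    free(first);

    volatile unsigned char *second = malloc(BLOCK);
    if (second == NULL) return -1;
    long hits = -1;                      /* stays -1 when the block was not reused */
    if ((uintptr_t)second == addr) {
        hits = 0;
        for (size_t i = SKIP; i < BLOCK; i++)
            hits += (second[i] == MARKER);
    }
    free((void *)second);
    return hits;
}

int main(void)
{
    printf("no scrub:   %ld stale bytes\n", stale_after_reuse(0));
    printf("with scrub: %ld stale bytes\n", stale_after_reuse(1));
    return 0;
}
```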
 
08-08-2010, 07:56 PM
Stefan Schulze Frielinghaus

dynamic memory automatically zero'd

On Sat, 2010-08-07 at 09:43 -0700, Ulrich Drepper wrote:
[...]
> Anonymous memory returned by mmap must be cleared. Memory provided by
> sbrk can be cleared and it is on Linux.

I found a couple of messages at the LKML where they talk about zeroing
memory. For example this one:

http://marc.info/?l=linux-kernel&m=110488222915074&w=2

I'm gonna have a deeper look at this tomorrow,
thanks to all of you.

Regards,
Stefan

 

All times are GMT.