--- Nick Borisov <[EMAIL PROTECTED]> wrote:
> Could you tell me if FreeBSD supports memory page nulling when
> releasing it to prevent unauthorized access to data left in the page
> after it's allocated again.
> If it does, what sys calls etc provide that?
> IMHO this is an important issue when operating data with different
> sensitivity levels.
>

It is important, that no user process can look at non-shared
(mmap(2) / MAP_SHARED) pages in main memory that were used by another
process before.
I think FreeBSD does it as follows (but I am not sure):

1. If a page is allocated for a process it is either overwritten with
   zeroes (0x00) (e.g. in case of a page for the stack segment of a
   process) or it is overwritten with the bytes of an executable or
   another file or so...
2. For maximum performance the system keeps a bunch of "pre-zero-ed"
   pages, so that the OS is quite fast, when a process wants pages for
   data (malloc(3)) or for stack.

Here is my "proof": :-)

% vmstat -s | grep zero
  3840247 zero fill pages zeroed
   844738 zero fill pages prezeroed

-Arne