
Zeroing freed memory

Posted Nov 12, 2008 23:56 UTC (Wed) by Felix_the_Mac (guest, #32242)
Parent article: /dev/ksm: dynamic memory sharing

"Windows apparently zeroes all freed memory"

On the face of it that sounds pretty sensible (from a security perspective).
Why doesn't Linux do it?



Zeroing freed memory

Posted Nov 13, 2008 0:48 UTC (Thu) by nix (subscriber, #2304)

Because it pointlessly blows the dcache (a precious resource), generally
to very little gain, because a lot of freed userspace pages are reused for
something other than userspace pages and are filled with something else,
and those pages which *are* reused for other userspace pages are zeroed at
*that* point.

Zeroing freed memory

Posted Nov 13, 2008 22:45 UTC (Thu) by bdauvergne (subscriber, #6989)

and there is still madvise(MADV_DONTNEED) to release the physical pages to the system.
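
The behaviour described in the two comments above, as an added example that is not part of the original thread: a private anonymous mapping is filled with a constructed marker byte, released with `madvise(MADV_DONTNEED)`, and read back. The function name `stale_bytes_after_release` and the marker value are assumptions made for this illustration.

```c
/* Added illustration, not code from the thread. Linux-specific. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes madvise() and MAP_ANONYMOUS in glibc */
#endif
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Count the non-zero bytes in buf[0..len). */
static size_t count_nonzero(const unsigned char *buf, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        n += (buf[i] != 0);
    return n;
}

/* Map npages of private anonymous memory, fill it with a constructed marker
 * byte (0xA5), release the physical pages with MADV_DONTNEED, then read the
 * range again. Returns the number of non-zero bytes the process can still
 * see afterwards, or -1 on error. *before (if non-NULL) receives the count
 * taken just before the release. */
long stale_bytes_after_release(size_t npages, long *before)
{
    long psz = sysconf(_SC_PAGESIZE);
    if (psz <= 0 || npages == 0)
        return -1;
    size_t len = npages * (size_t)psz;
    unsigned char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    memset(p, 0xA5, len);                 /* stand-in for sensitive data */
    if (before)
        *before = (long)count_nonzero(p, len);
    if (madvise(p, len, MADV_DONTNEED) != 0) {
        munmap(p, len);
        return -1;
    }
    /* Touching the range now faults in fresh zero-filled pages. */
    long after = (long)count_nonzero(p, len);
    munmap(p, len);
    return after;
}

int main(void)
{
    long before = 0, after = stale_bytes_after_release(4, &before);
    printf("non-zero bytes before release: %ld, after: %ld\n", before, after);
    return after == 0 ? 0 : 1;
}
```

The check shows only what the process itself sees after the release; it says nothing about when the kernel clears the underlying physical page, which is the point the comments above are making.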

Zeroing freed memory

Posted Nov 13, 2008 9:19 UTC (Thu) by dlang (subscriber, #313)

zeroing the memory when it's freed is better from a security point of view, but it's expensive to do.

since it may sometimes not need to be zeroed (besides the kernel uses noted in post above, if the page is going to be used to hold the executable code to be run, just load the appropriate code in the page, there's no benefit to zeroing it out first) and other times it can be zeroed when the system is idle, linux does the more efficient thing and zeros the page with as little impact to the rest of the system as possible.

Linux can do it

Posted Nov 13, 2008 15:07 UTC (Thu) by wtogami (subscriber, #32325)

http://udrepper.livejournal.com/11429.html
If you set MALLOC_PERTURB_=$NUMBER, it sets all malloc'ed bytes to $NUMBER, and the bitwise inverse upon free. It is great to expose otherwise difficult to detect bugs, at the expense of speed. It might also be useful for /dev/ksm.

Linux can do it

Posted Nov 13, 2008 19:52 UTC (Thu) by nix (subscriber, #2304)

It's a really cool feature, but, well, Ulrich says that it 'Seems like the
number of people who know this feature is still almost zero'. Yes, that's
because it was never documented, as with pretty much everything glibc can
do above POSIX. (e.g., quick, how does LD_AUDIT work? How do you use it?
Good luck finding out without reading the source, and it's tricky to
understand even then.)

Zeroing freed memory

Posted Nov 14, 2008 15:10 UTC (Fri) by PaXTeam (guest, #24616)

> On the face of it that sounds pretty sensible (from a security perspective).
> Why doesn't Linux do it?

PaX has had such a feature for some time, but its performance impact isn't negligible. i have only numbers for an early naive implementation (pages were zeroed twice effectively), the kernel time of kernel compilation went up by some 40%, IIRC, so even assuming the current implementation it's probably not better than 20%. now this is kernel time only, if your workload is mostly userland then you will care a lot less, otherwise you'll have to find out where on the user/kernel scale you fall and decide accordingly if it's worth it.

