Clearing residual memory
I need to ensure that objects stored in memory are no longer accessible, even when that memory is freed up for other uses. How does Linux handle this? Is there an overwrite operation performed for released memory?
Thanks in advance. |
The OS is responsible for reallocating freed memory for reuse. It generally doesn't care what that memory contains or what it was used for. Freed memory is dumped back into the pool and allocated on first come first served basis so trying to grab particular memory data would take a concerted effort. That said, memory cleanup, especially for securing stored information, is primarily the responsibility of the application, not the operating system.
|
Thank You....Should Have Known It's An Application Problem
Hitting myself upside the head :doh:....I should have known better....thanks. This makes sense. An application could probably do this when the object is destroyed as part of the teardown method.
|
Also see mlock(2) to make sure your secret data isn't written to swap space.
|
Not strictly what you asked, but address space randomization is also implemented - wikipedia has an entry for that ISTR.
|
Grsecurity has an option to "Sanitize free memory" which will overwrite the memory a few times (3?) when it is freed up. There is a small performance hit in general but with all the security options of grsecurity the performance hit overall is normally 2-3%.
|
All times are GMT -5. The time now is 03:18 PM. |