LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-09-2012, 09:35 AM   #1
Linux Village Idiot
LQ Newbie
 
Registered: Apr 2012
Location: Haymarket, VA
Distribution: RHEL 6.2
Posts: 2

Rep: Reputation: Disabled
Clearing residual memory


I need to ensure that objects stored in memory are no longer accessible, even when that memory is freed up for other uses. How does Linux handle this? Is there an overwrite operation performed for released memory?

Thanks in advance.
 
Old 07-09-2012, 12:20 PM   #2
NyteOwl
Member
 
Registered: Aug 2008
Location: Nova Scotia, Canada
Distribution: Slackware, OpenBSD, others periodically
Posts: 512

Rep: Reputation: 139Reputation: 139
The OS is responsible for reallocating freed memory for reuse. It generally doesn't care what that memory contains or what it was used for. Freed memory is dumped back into the pool and allocated on first come first served basis so trying to grab particular memory data would take a concerted effort. That said, memory cleanup, especially for securing stored information, is primarily the responsibility of the application, not the operating system.
 
1 members found this post helpful.
Old 07-09-2012, 01:48 PM   #3
Linux Village Idiot
LQ Newbie
 
Registered: Apr 2012
Location: Haymarket, VA
Distribution: RHEL 6.2
Posts: 2

Original Poster
Rep: Reputation: Disabled
Thank You....Should Have Known It's An Application Problem

Hitting myself upside the head ....I should have known better....thanks. This makes sense. An application could probably do this when the object is destroyed as part of the teardown method.
 
Old 07-09-2012, 09:32 PM   #4
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Debian, Arch
Posts: 3,774

Rep: Reputation: 2081Reputation: 2081Reputation: 2081Reputation: 2081Reputation: 2081Reputation: 2081Reputation: 2081Reputation: 2081Reputation: 2081Reputation: 2081Reputation: 2081
Also see mlock(2) to make sure your secret data isn't written to swap space.
 
Old 07-09-2012, 09:50 PM   #5
syg00
LQ Veteran
 
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 21,103

Rep: Reputation: 4117Reputation: 4117Reputation: 4117Reputation: 4117Reputation: 4117Reputation: 4117Reputation: 4117Reputation: 4117Reputation: 4117Reputation: 4117Reputation: 4117
Not strictly what you asked, but address space randomization is also implemented - wikipedia has an entry for that ISTR.
 
Old 07-12-2012, 09:33 AM   #6
slimm609
Member
 
Registered: May 2007
Location: Chas, SC
Distribution: slackware, gentoo, fedora, LFS, sidewinder G2, solaris, FreeBSD, RHEL, SUSE, Backtrack
Posts: 430

Rep: Reputation: 67
Grsecurity has an option to "Sanitize free memory" which will overwrite the memory a few times (3?) when it is freed up. There is a small performance hit in general but with all the security options of grsecurity the performance hit overall is normally 2-3%.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Clear Memory of Residual Applications no longer Running johnmccarthy Linux - Newbie 3 11-08-2011 08:18 AM
Clearing of memory allocated by using malloc/kmalloc/vmalloc manikumar086 Linux - Newbie 2 08-08-2011 11:46 PM
Clearing cache memory paragkalra Linux - Newbie 3 12-02-2008 04:22 AM
Residual hostname in Sendmail pauljtester Linux - Software 4 10-25-2004 01:54 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:57 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration