Thus spake Jason Spence (thalakanat_private):
> I was trying to explain to someone why it's important to do a
> memset(3) on newly allocated memory by firing up gdb and doing
> hexdumps of raw uninitialized memory, when I noticed there was what
> looked like privileged information in the hexdump!

Your operating system is broken, then.

> I don't know very much about the specifics of how malloc works, but is
> this a valid method of trying to get privileged information from an
> unprivileged account? For example, does memory that root allocates
> then deallocates become available to user processes via malloc(3)?

Both anonymous mmap and brk (the Unix methods for implementing malloc)
are specified to return zero-filled pages.

> I'm going to research this some more and put together a report with
> the feedback I get if it turns out that this is a valid method of
> attacking a system from a non-root account.

This wasn't perchance a Microsoft operating system you were using?

Felix
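The following C program is an added example, not part of the original thread. It checks the zero-fill behaviour of anonymous mmap described in the reply, and shows the separate case where malloc(3) hands a process back a block that the same process freed earlier, with and without zeroing it before free(3). The function names, block size, offset and sample strings are constructed for the illustration.

```c
#define _DEFAULT_SOURCE            /* MAP_ANONYMOUS on glibc */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

/* Count non-zero bytes in a freshly created anonymous private mapping. */
long fresh_mmap_nonzero(size_t len) {
    unsigned char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    long n = 0;
    for (size_t i = 0; i < len; i++) n += (p[i] != 0);
    munmap(p, len);
    return n;
}

#define BLK 256   /* constructed block size */
#define OFF 64    /* past the bytes an allocator may reuse for free-list links */

/* Store `secret` at OFF in a heap block, optionally zero the block, free it,
   allocate the same size again and report whether the secret is readable at
   OFF in the new, never-initialised block (1 = yes, 0 = no, -1 = error).
   All accesses go through volatile pointers so the compiler cannot drop the
   stores before free() or fold the loads of stale bytes. */
int secret_survives_reuse(const char *secret, int do_scrub) {
    size_t n = strlen(secret);
    if (n == 0 || OFF + n > BLK) return -1;
    volatile unsigned char *a = malloc(BLK);
    if (!a) return -1;
    for (size_t i = 0; i < n; i++) a[OFF + i] = (unsigned char)secret[i];
    if (do_scrub) for (size_t i = 0; i < BLK; i++) a[i] = 0;
    free((void *)a);
    volatile unsigned char *b = malloc(BLK);
    if (!b) return -1;
    int same = 1;
    for (size_t i = 0; i < n; i++) same &= (b[OFF + i] == (unsigned char)secret[i]);
    free((void *)b);
    return same;
}

int main(void) {
    printf("non-zero bytes in fresh mmap page: %ld\n", fresh_mmap_nonzero(4096));
    printf("secret visible after free+malloc:  %d\n", secret_survives_reuse("constructed-secret-A", 0));
    printf("same, zeroed before free:          %d\n", secret_survives_reuse("constructed-secret-B", 1));
    return 0;
}
```

Whether the unscrubbed case reports 1 depends on the allocator reusing the same block, which is common but not guaranteed; the zeroed case reports 0 either way.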
This archive was generated by hypermail 2b30 : Tue Jun 26 2001 - 23:29:00 PDT