Re: Getting passwords from the heap?

From: H D Moore (hdmat_private)
Date: Tue Jun 26 2001 - 08:10:56 PDT


    I played with this a while back but couldn't find any other memory but my own.
    What OS/kernel? Theoretically the actual pages should be zeroed out before
    another user can use them...
    
    On Monday 25 June 2001 03:21 pm, Jason Spence wrote:
    > Hi -
    >
    > I was trying to explain to someone why it's important to do a
    > memset(3) on newly allocated memory by firing up gdb and doing
    > hexdumps of raw uninitialized memory, when I noticed there was what
    > looked like privileged information in the hexdump!
    >
    > I don't know very much about the specifics of how malloc works, but is
    > this a valid method of trying to get privileged information from an
    > unprivileged account?  For example, does memory that root allocates
    > then deallocates become available to user processes via malloc(3)?
    >
    > I'm going to research this some more and put together a report with
    > the feedback I get if it turns out that this is a valid method of
    > attacking a system from a non-root account.
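
Added example, not part of either message: a deterministic C model of the within-process case the thread touches on, where releasing a block does not clear it and the next allocation gets the old contents back. The one-slot pool (`pool_alloc`, `pool_free`), the helper names and the secret string are all hypothetical stand-ins for malloc(3)/free(3), used so the result does not depend on a particular allocator.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model: a one-slot pool standing in for malloc's free list.
   Like free(3), pool_free() only marks the block reusable; it never clears it. */
#define SLOT 64
static unsigned char slot[SLOT];
static int in_use;

static void *pool_alloc(void) { if (in_use) return NULL; in_use = 1; return slot; }
static void pool_free(void *p) { if (p == slot) in_use = 0; }

/* Wipe through a volatile pointer so the compiler cannot discard the
   stores as dead writes just before the block is released. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Return 1 if marker occurs anywhere in buf[0..n). */
static int has_residue(const unsigned char *buf, size_t n, const char *marker) {
    size_t m = strlen(marker);
    for (size_t i = 0; m && i + m <= n; i++)
        if (memcmp(buf + i, marker, m) == 0) return 1;
    return 0;
}

enum { NO_DEFENCE, SCRUB_BEFORE_FREE, CLEAR_ON_ALLOC };

/* Store a constructed secret, release the block, allocate again, and report
   whether the second owner can still see the secret (1) or not (0). */
int stale_secret_visible(int mode) {
    const char *secret = "hunter2-constructed";   /* sample value only */
    unsigned char *a = pool_alloc();
    if (!a) return -1;
    memcpy(a, secret, strlen(secret) + 1);
    if (mode == SCRUB_BEFORE_FREE) wipe(a, SLOT);  /* owner cleans up */
    pool_free(a);

    unsigned char *b = pool_alloc();               /* same storage handed back */
    if (!b) return -1;
    if (mode == CLEAR_ON_ALLOC) memset(b, 0, SLOT); /* the memset(3) habit */
    int seen = has_residue(b, SLOT, secret);
    pool_free(b);
    return seen;
}
```

Scrubbing before release protects the secret regardless of who receives the block next; clearing on allocation only protects the new owner from acting on stale data.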
    


