Source-Changes-D archive


Re: CVS commit: src



On Wed, Aug 26, 2009 at 12:23:39AM -0400, Elad Efrat wrote:
> Unrelated to the topic of the thread, but kmem(9) says:
>
> SECURITY CONSIDERATION
>      As the memory allocated by kmem_alloc() is uninitialized, it can
>      contain security-sensitive data left by its previous user.  It is
>      the caller's responsibility not to expose it to the world.
>
> Shouldn't it be the responsibility of the security-sensitive subsystem
> to clear the memory before it is freed, rather than the responsibility
> of every kmem_alloc() caller?

All recycled kernel memory, including stack frames, is considered
security-sensitive and not supposed to be exposed to the world. (Given
that you're working on the security system, you ought to know this.)
It is a matter of proper copyout() usage.

-- 
David A. Holland
dholland%netbsd.org@localhost
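A userland stand-in, added here and not part of the thread or of NetBSD, for the infoleak pattern the reply refers to: a kmem_alloc()-style allocation that still holds a prior user's bytes is copied out after only its named fields are set, so the struct's padding bytes cross into userland, and the corrected version zeroes the object before filling it. sim_kmem_alloc, struct reply and the 0xAA "secret" are constructed for the example; memcpy stands in for copyout().

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for recycled kernel memory: a pool that a previous
 * user filled with sensitive data and released without clearing it. */
#define POOL_SIZE 64
static unsigned char pool[POOL_SIZE];
#define PRIOR_SECRET 0xAA
/* Record copied to userland; the 1-byte member is followed by padding
 * (3 bytes where uint32_t needs 4-byte alignment, as on x86/amd64). */
struct reply {
    uint8_t kind; uint32_t value;
};
/* kmem_alloc(9)-style: hands back whatever bytes were there before. */
static void *sim_kmem_alloc(size_t n) { return n <= POOL_SIZE ? pool : NULL; }
static void previous_user(void) { memset(pool, PRIOR_SECRET, POOL_SIZE); }
/* Leaky: only the named members are set, so the padding bytes still hold
 * the previous user's data when the struct is copied out. */
static size_t leaky_reply(unsigned char *user_dst) {
    struct reply *r = sim_kmem_alloc(sizeof *r);
    r->kind = 1;
    r->value = 0x11223344;
    memcpy(user_dst, r, sizeof *r);      /* stands in for copyout() */
    return sizeof *r;
}
/* Hardened: zero the whole object before filling it, so every byte that
 * crosses the kernel/user boundary was written deliberately. */
static size_t safe_reply(unsigned char *user_dst) {
    struct reply *r = sim_kmem_alloc(sizeof *r);
    memset(r, 0, sizeof *r);
    r->kind = 1;
    r->value = 0x11223344;
    memcpy(user_dst, r, sizeof *r);
    return sizeof *r;
}
/* How many copied-out bytes still carry the previous user's value. */
static int leaked_bytes(const unsigned char *buf, size_t n) {
    int count = 0;
    for (size_t i = 0; i < n; i++)
        if (buf[i] == PRIOR_SECRET) count++;
    return count;
}
/* Run one reply routine against freshly "recycled" memory and count leaks. */
static int leak_count(size_t (*fn)(unsigned char *)) {
    unsigned char out[sizeof(struct reply)];
    previous_user();
    return leaked_bytes(out, fn(out));
}
```

The leaky variant leaks exactly the padding bytes (sizeof(struct reply) minus the 5 bytes of named members), which is what a user process would read back; the zeroed variant leaks none.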

