[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: CVS commit: src
On Wed, Aug 26, 2009 at 12:23:39AM -0400, Elad Efrat wrote:
> Unrelated to the topic of the thread, but kmem(9) says:
> SECURITY CONSIDERATION
> As the memory allocated by kmem_alloc() is uninitialized, it can
> contain security-sensitive data left by its previous user. It is
> the caller's responsibility not to expose it to the world.
> Shouldn't it be the responsibility of the security-sensitive subsystem
> to clear the memory before it is freed, rather than the responsibility
> of every kmem_alloc() caller?
All recycled kernel memory, including stack frames, is considered
security-sensitive and not supposed to be exposed to the world. (Given
that you're working on the security system, you ought to know this.)
It is a matter of proper copyout() usage.
David A. Holland
Main Index |
Thread Index |