tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: CVS commit: src

On Wed, Aug 26, 2009 at 12:23:39AM -0400, Elad Efrat wrote:
> Unrelated to the topic of the thread, but kmem(9) says:
>      As the memory allocated by kmem_alloc() is uninitialized, it can
>      contain security-sensitive data left by its previous user.  It is
>      the caller's responsibility not to expose it to the world.
> Shouldn't it be the responsibility of the security-sensitive subsystem
> to clear the memory before it is freed, rather than the responsibility
> of every kmem_alloc() caller?

All recycled kernel memory, including stack frames, is considered
security-sensitive and not supposed to be exposed to the world. (Given
that you're working on the security system, you ought to know this.)
It is a matter of proper copyout() usage.

David A. Holland

Home | Main Index | Thread Index | Old Index