Re: Getting passwords from the heap?

[Felix von Leitner <leitner () vim org>]

Thus spake Jason Spence (thalakan () lightconsulting com):
> I was trying to explain to someone why it's important to do a
> memset(3) on newly allocated memory by firing up gdb and doing
> hexdumps of raw uninitialized memory, when I noticed there was what
> looked like privileged information in the hexdump!

Your operating system is broken, then.

> I don't know very much about the specifics of how malloc works, but is
> this a valid method of trying to get privileged information from an
> unprivilieged account?  For example, does memory that root allocates
> then deallocates become available to user processes via malloc(3)?

Both anonymous mmap and brk (the Unix methods for implementing malloc)
are specified to return zero-filled pages.

> I'm going to research this some more and put together a report with
> the feedback I get if it turns out that this is a valid method of
> attacking a system from a non-root account.

This wasn't perchance a Microsoft operating system you were using?

Felix