Bugtraq mailing list archives
Re: Leftover data in other files (was Re: Sun StarOffice documents
From: jsl2 () JEDITECH COM
Date: Tue, 5 Sep 2000 20:45:04 -0700
On Tue, 5 Sep 2000 pedward () webcom com wrote:
Windows NT, as well as any other decent OS, will clear RAM and disk buffers before giving them to a user-mode app. I would be surprised if Linux suffered from this problem.
Umm, ever written a program and used a variable that was uninitialized? That's what it's called; uninitialized variables. This is a common mistake
I think you brought up two points in your message, so let me answer each in turn:

- After malloc(), an application can always end up with "junk" it created earlier. For example, it could be reusing its own heap. (Kurt Seifried's message indicated to me the leftover data was not the result of what he did in StarOffice)
- Some OS's sanitize (clear) RAM before handing it to an app. On such an OS, applications will never receive RAM that contains junk from another app. Examples of OS's that clear RAM are Windows NT, Solaris, and I expect, other UNIX'es. OS's that do NOT clear RAM include Windows 9x, DOS, etc. Same idea can be extended to disk buffers, and ultimately, files on a disk.

Somebody (sorry, I deleted the e-mail too quickly) pointed out that clearing RAM is costly. That is true; but for security purposes, the OS must do that to minimize information leaks. RAM can be sanitized by the idle thread - there's usually some idle time even in busy servers.
I have long wanted to write a program that just allocates random chunks of memory and searches for data, such as DES password strings.
....
The searching for data on a unix machine is elementary. You can use mmap or malloc to allocate memory, then scan it and deallocate the memory.
You shouldn't find anything of value on any recent UNIX, Windows NT, etc. Unless you did that in kernel mode. For example, I just tried it on a busy Solaris 2.7 workstation (RAM is filled with lots 'o apps) and got nothing but clear memory. Extend same idea to swapfile pages. However, bugs and mis-features do happen. :-) If you find a system on which that works, let us know!

Historical note: Remember the big scare in the early 90's about Prodigy on-line service... people reported seeing parts of their private documents in Prodigy cache files, etc. IIRC it was caused by this same problem - disk clusters weren't cleared when those sparse files were created. There was a lot of FUD going around back then...

-James
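
The two cases distinguished in this message, as an added example that is not part of the original post: pages obtained fresh from the kernel versus a heap block reused inside one process. It assumes a POSIX system with `MAP_ANONYMOUS`; the function names and the 0xA5 marker byte are constructed for illustration.

```c
#define _DEFAULT_SOURCE            /* for MAP_ANONYMOUS on glibc */
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>

/* Count nonzero bytes; volatile stops the compiler assuming the contents. */
static size_t count_nonzero(const volatile unsigned char *p, size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (p[i] != 0)
            hits++;
    return hits;
}

/* Pages handed over by the kernel: nonzero bytes found, or -1 on error. */
long scan_fresh_pages(size_t n)
{
    void *p = mmap(NULL, n, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    long hits = (long)count_nonzero(p, n);
    munmap(p, n);
    return hits;
}

/* Heap reuse inside one process: fill a block, free it, allocate again and
   count the bytes that are still nonzero. Result depends on the allocator. */
long scan_reused_heap(size_t n)
{
    volatile unsigned char *a = malloc(n);
    if (a == NULL) return -1;
    for (size_t i = 0; i < n; i++)
        a[i] = 0xA5;               /* constructed marker byte */
    free((void *)a);
    unsigned char *b = malloc(n);
    if (b == NULL) return -1;
    long hits = (long)count_nonzero(b, n);
    free(b);
    return hits;
}

int main(void)
{
    printf("fresh mmap pages: %ld nonzero bytes\n", scan_fresh_pages(1 << 20));
    printf("reused heap block: %ld nonzero bytes\n", scan_reused_heap(4096));
    return 0;
}
```

On a system that clears pages before handing them out, the first count is 0; a nonzero second count is the process's own earlier data, not another application's.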