Vulnerability Development mailing list archives

Re: Getting passwords from the heap?


From: H D Moore <hdm () secureaustin com>
Date: Tue, 26 Jun 2001 10:10:56 -0500

I played with this a while back but couldn't find any other memory but my own. 
What OS/kernel?  Theoretically the actual pages should be zeroed out before 
another user can use them...

On Monday 25 June 2001 03:21 pm, Jason Spence wrote:
Hi -

I was trying to explain to someone why it's important to do a
memset(3) on newly allocated memory by firing up gdb and doing
hexdumps of raw uninitialized memory, when I noticed there was what
looked like privileged information in the hexdump!

I don't know very much about the specifics of how malloc works, but is
this a valid method of trying to get privileged information from an
unprivileged account?  For example, does memory that root allocates
then deallocates become available to user processes via malloc(3)?

I'm going to research this some more and put together a report with
the feedback I get if it turns out that this is a valid method of
attacking a system from a non-root account.
