Vulnerability Development mailing list archives
Re: Getting passwords from the heap?
From: "Dennis McHenry" <ronmch () comports com>
Date: Tue, 26 Jun 2001 23:33:46 -0700
From: "Felix von Leitner" <leitner () vim org>
This wasn't perchance a Microsoft operating system you were using?
It's been a while since I've done C for a win system, but as I recall Malloc returns zeroed-out chunks. My response to Jason's point, though, is that if a program doesn't handle sensitive information in a prudent manner (preventing it from being swapped to disk, overwriting the memory space where it was stored, etc.), the information could indeed be in memory. I'd label this as a programming error for the application that left it's sensitive info. sitting around, rather than an OS problem (I don't recall Windows saying it wiped memory after closing applications). If you're using a win box, you can use debug to examine memory remnants. -Dennis ----- Original Message ----- From: "Felix von Leitner" <leitner () vim org> To: <vuln-dev () securityfocus com> Sent: Tuesday, June 26, 2001 9:55 AM Subject: Re: Getting passwords from the heap?
Thus spake Jason Spence (thalakan () lightconsulting com):I was trying to explain to someone why it's important to do a memset(3) on newly allocated memory by firing up gdb and doing hexdumps of raw uninitialized memory, when I noticed there was what looked like privileged information in the hexdump!Your operating system is broken, then.I don't know very much about the specifics of how malloc works, but is this a valid method of trying to get privileged information from an unprivilieged account? For example, does memory that root allocates then deallocates become available to user processes via malloc(3)?Both anonymous mmap and brk (the Unix methods for implementing malloc) are specified to return zero-filled pages.I'm going to research this some more and put together a report with the feedback I get if it turns out that this is a valid method of attacking a system from a non-root account.This wasn't perchance a Microsoft operating system you were using? Felix
Current thread:
- Getting passwords from the heap? Jason Spence (Jun 26)
- Re: Getting passwords from the heap? Felix von Leitner (Jun 26)
- Re: Getting passwords from the heap? Dennis McHenry (Jun 27)
- Re: Getting passwords from the heap? Jason R. Seats (Jun 27)
- RE: Getting passwords from the heap? Vladimir Kraljevic (Jun 27)
- Re: Getting passwords from the heap? Dennis McHenry (Jun 27)
- Re: Getting passwords from the heap? H D Moore (Jun 26)
- Re: Getting passwords from the heap? Jason Spence (Jun 27)
- Re: Getting passwords from the heap? H D Moore (Jun 27)
- Re: Getting passwords from the heap? Aigars Grins (Jun 27)
- Re: Getting passwords from the heap? Jason Spence (Jun 27)
- Re: Getting passwords from the heap? ian (Jun 28)
- Re: Getting passwords from the heap? Jason Spence (Jun 27)
- Re: Getting passwords from the heap? Felix von Leitner (Jun 26)
- Source code of the Sadmin Worm Cabezon Aurélien [iSecureLabs] (Jun 27)
- <Possible follow-ups>
- RE: Getting passwords from the heap? Michael Wojcik (Jun 27)