Vulnerability Development mailing list archives
RE: Getting passwords from the heap?
From: "Vladimir Kraljevic" <vladimir_kraljevic () llbudapest hu>
Date: Wed, 27 Jun 2001 17:56:27 +0200
AFAIK, malloc() CAN, but usually not returns cleared memory (it is much better to assume that, for all platforms). calloc() MUST (but don't believe every word). On Windows, you can call ZeroMemory() to clear memory, or call LocalAlloc(LPTR, LMEM_FIXED|LMEM_ZEROINIT) to achieve the same goal). You can always write your paranoid functions, like PGP 2.6.2i implements BurnMemory(), but again, not on all points, there is no need to do that, burn only sensitive memory (God bless fast routines). Content of memory that malloc() returns depends on C++ compiler implementation, release or debug build, debugging tools used, prolog and epilog code (for example, if it is debug build BoundsChecker will fill returned heap with some specific byte and extend the requested amount of memory by size of guard block, Visual C++ will set it to 0xCC [int 3]). You cannot make platform independent "tool" that explores heap (unfortunately), espetially memory of other processes (of course, there are some special circumstances under which you can, depends on OS, but it is easier and makes more sense to intercept keyboard input [as a driver, as a hook] if you need a password, or call a good lady and chat-a-little, or try to make your home grown Tempest). Theoretically, you can get some sensitive information (depends on many factors), but probability to get something (and to know that that is sensitive) is equal to catch a fish in the late afternoon, at least on WinNT (not because it is so secure, but because it is chaos out there). I suppose that for *nix/*nux it should be the same.
Current thread:
- Getting passwords from the heap? Jason Spence (Jun 26)
- Re: Getting passwords from the heap? Felix von Leitner (Jun 26)
- Re: Getting passwords from the heap? Dennis McHenry (Jun 27)
- Re: Getting passwords from the heap? Jason R. Seats (Jun 27)
- RE: Getting passwords from the heap? Vladimir Kraljevic (Jun 27)
- Re: Getting passwords from the heap? Dennis McHenry (Jun 27)
- Re: Getting passwords from the heap? H D Moore (Jun 26)
- Re: Getting passwords from the heap? Jason Spence (Jun 27)
- Re: Getting passwords from the heap? H D Moore (Jun 27)
- Re: Getting passwords from the heap? Aigars Grins (Jun 27)
- Re: Getting passwords from the heap? Jason Spence (Jun 27)
- Re: Getting passwords from the heap? ian (Jun 28)
- Re: Getting passwords from the heap? Jason Spence (Jun 27)
- Re: Getting passwords from the heap? Felix von Leitner (Jun 26)
- Source code of the Sadmin Worm Cabezon Aurélien [iSecureLabs] (Jun 27)
- <Possible follow-ups>
- RE: Getting passwords from the heap? Michael Wojcik (Jun 27)