Hi,

On Wed, Jan 11, 2012 at 4:53 AM, ??? [off-list ref] wrote:

Hi,
? ?My tutor asked me to test whether one process leaves information in
memory after it is dead. I tried to search some article about such thing on
the Internet but there seems to be no one discuss about it. And after that,
I tried to write some program in the User Mode to test it, using fork() to
create lots of processes and filling char 'a' into a 102400 bytes char array
in each process. Then I used malloc() to get some memory to seek char 'a' in
a new one process or many new processes, but failed. All memory I malloced
was full of zero.

Yeah - so if it were possible for one process to get information about
another process like that you would have a security leak.

? ?As the man page of malloc said:"The memory is not initialized", I believe
that the memory which was got by malloc() could be used by other process,
and therefor information leakage exists. But how can I test it? Or where can
I get related information?

All pages allocated from the OS will be initially zero'd, however,
once your process owns the page, if you filled it with Z's and then
freed it and reallocated you might very weill get your Z's back
instead of 0's. You'll never get data from another process though.

-- 
Dave Hylands
Shuswap, BC, Canada
http://www.davehylands.com