Memory initialization and the problem of clearing it

  It seems I have gone quite a while without writing an essay, so let me put on record some of what I have been working on recently.

  When we write programs, we often overlook one thing: promptly erasing sensitive data such as user passwords and keys. Imagine that at the end of your program the key is left behind in a freed region of memory. If another process then requests that memory, or an attacker reads the memory contents, all of your protection has been for nothing.

  In fact, system developers have considered this and provide a certain degree of protection. On Windows, the system automatically clears memory that is returned after a process ends. Linux is different: probably for performance reasons, it takes a lazy approach to clearing data. When a process requests memory, Linux merely maps a virtual zero page to it, so whatever the program reads at this point can only come from that all-zero buffer. Only when a write occurs (for example, assigning one byte of the buffer) does the system allocate real physical memory (interested comrades can write a demo to try this: keep requesting memory without writing to it, then look at a resource monitor; the demo's memory usage should not increase), replace the earlier virtual mapping, and write the data into it. The Linux page size is 4 KB, so at that moment a 4 KB region of memory is written. For example:

 1 #include <stdio.h>
 2 #include <stdlib.h>
 3 
 4 int main()
 5 {
 6     unsigned char *buffer = malloc(1024);   /* not initialized */
 7 
 8     for (int i = 0; i < 1024; i++)          /* first read of the buffer */
 9         printf("%02X ", buffer[i]);
10 
11     buffer[3] = 0xff;                       /* first write: page is now allocated */
12 
13     for (int i = 0; i < 1024; i++)
14         printf("%02X ", buffer[i]);
15     free(buffer);
16     return 0;
17 }

  Suppose the above program runs under Linux. Although the buffer requested on line 6 is not initialized, by the principle of copy-on-write the values read on lines 8 and 9 are necessarily all 0x00, and at this point no actual physical memory has been allocated to the process. Only once line 11 has executed does the system assign a page to the current process, and that page is overwritten with 00 00 00 ff 00 00 00 ......

  This mechanism prevents a process from reading sensitive data left in memory freed by other processes, but, as the saying goes, it "guards against gentlemen but not against villains": it effectively blocks "legitimate" reads of memory contents, but it cannot stop DMA or cold-boot attacks. So sensitive data should still be erased promptly.

  However, clearing memory is not as simple as calling memset. If you add memset(buffer, 0, 1024) before the free on line 15, then as soon as compiler optimization is enabled it will be removed as dead code by Dead Store Elimination, which GCC turns on at -O1, while GCC's default optimization option is -O2.
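As an added example (not code from the original post), here is a wipe routine written so the compiler cannot treat it as a dead store, next to the naive memset() described above; it assumes GCC or Clang (for the inline asm) and relies on volatile stores.

```c
#include <stdlib.h>
#include <string.h>

/* Naive wipe: to the optimizer, a memset() whose buffer is freed or goes
 * out of scope right afterwards is a dead store, so GCC at -O1 and above
 * may delete it (Dead Store Elimination). */
static void wipe_naive(void *buf, size_t len)
{
    memset(buf, 0, len);
}

/* Hardened wipe: stores through a volatile pointer are side effects the
 * compiler must keep, and the empty asm with a "memory" clobber tells it
 * the buffer may be read afterwards, so the zeroing cannot be elided.
 * Added example, not the post's code; explicit_bzero()/memset_s() are
 * preferable where available. */
static void wipe_secure(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
    __asm__ __volatile__("" : : "r"(buf) : "memory");
}

/* Returns 1 if every byte of buf is zero, 0 otherwise. */
static int all_zero(const unsigned char *buf, size_t len)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= buf[i];
    return acc == 0;
}

/* Fills a heap buffer with constructed key bytes, wipes it with the given
 * function and checks the bytes before free(). Returns 1 if cleared,
 * -1 on allocation failure. Because all_zero() reads the buffer here, the
 * store is live and even wipe_naive() survives; the elimination only
 * happens when nothing reads the buffer afterwards, as in the post. */
static int wipe_and_check(void (*wipe)(void *, size_t))
{
    enum { KEY_LEN = 32 };
    unsigned char *key = malloc(KEY_LEN);
    if (key == NULL)
        return -1;
    memset(key, 0xA5, KEY_LEN);   /* constructed, non-secret filler */
    wipe(key, KEY_LEN);
    int cleared = all_zero(key, KEY_LEN);
    free(key);
    return cleared;
}
```

To see the difference, compile a function that does only memset() followed by free() with gcc -O2 -S and look for the missing memset call in the assembly; wipe_secure() keeps its stores.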

  On clearing memory, there is a USENIX Security 2017 paper that discusses the topic much more comprehensively; the link is posted here: https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-yang.pdf. Interested friends can take a look, and when I have time I will discuss this issue in detail.


Source: www.cnblogs.com/weir007/p/11544119.html