
In Linux/Android, when a process is killed, the OS kernel de-allocates all the memory (like stack, heap, etc.) associated with the process & puts it back into the memory pool; but IT IS NOT CLEARED in the RAM (i.e. these values would still be visible when a RAM dump is taken?).

Please can you let me know how to clear (set ZERO) all the memory associated with a process to be killed?

I know "mm_struct" structure (in "sched.h") holds all the memory related info of a process. Do I need to manually go & reset all the params of this struct to ensure that the process' memory is cleared? If so, please guide me where I should be calling this clearing function.

OR

Is there another, simpler way to clear all the memory? Please let me know.


[update from comment:]

I am trying to ensure no one can steal the data from the pages (or dump) after the process is killed. I am fine with user space or kernel space solution.

  • First question: why do you want to do this? – Oliver Charlesworth Jun 29 '14 at 18:29
  • Also, note that `mm_struct` is a kernel-space data structure. Are you talking about a kernel-space or a user-space solution? – Oliver Charlesworth Jun 29 '14 at 18:31
  • Also, note that due to the virtual memory system, there is no clear definition of "the RAM" associated with your process; pages may be arbitrarily handed off to other processes at any point during the lifetime of your process. – Oliver Charlesworth Jun 29 '14 at 18:34
  • @Oli: Thanks for replying. I am trying to ensure no one can steal the data from the pages (or dump) after the process is killed. I am fine with user space or kernel space solution. – user3788234 Jun 29 '14 at 18:54
  • For security concerns, ALL memory requested by a process is zeroed before it's assigned. Essentially, it's mapped to a zero-filled page, with COW (copy-on-write) properties, so the first write causes a (real) page to be allocated and zeroed, then written to. See http://stackoverflow.com/questions/6004816/kernel-zeroes-memory for a better (longer) answer. – lornix Jul 01 '14 at 08:43
  • @lornix: Thanks a lot. The concern is: if a RAM dump is taken right after the process kill, memory would still contain stale data from that process & this data is considered as 'leaked to the outside world'? I am trying to address this. I am trying to modify the `do_exit()` in 'exit.c' (kernel) to go through all the vma_pages (start to end) and mark them as ZEROes (snippet shown below). Am I doing the right thing or is there a good solution? `void do_exit(long code) { ... for_each_vma_region do memset(0); exit_mm(tsk); ... }` – user3788234 Jul 02 '14 at 03:48
  • If a process terminates abnormally `exit()` won't necessarily get called. – alk Jul 05 '14 at 14:33
  • Related: http://security.stackexchange.com/q/42179 – alk Jul 05 '14 at 14:56
  • Do you really need to clear *all* memory, or would something like `sodium_mlock` and `sodium_memzero` on just the important bits (via the libsodium library) suffice, along with the usual no-coredumps and appropriate signal handling to limit shenanigans? – thrig Sep 12 '15 at 19:24
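
The user-space approach raised in the last comment (lock and zero only the sensitive buffer, disable core dumps, wipe on catchable signals), written with plain POSIX/Linux calls instead of libsodium. This is an added example, not code from the thread; the `secret` buffer and the function names are hypothetical.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <unistd.h>

static unsigned char secret[64];          /* hypothetical key material */

/* Zero through a volatile pointer so the compiler cannot elide the stores. */
void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

int secret_is_zero(void) {
    unsigned char acc = 0;
    for (size_t i = 0; i < sizeof secret; i++) acc |= secret[i];
    return acc == 0;
}

/* Async-signal-safe: only plain stores and _exit(). */
static void on_fatal(int sig) {
    wipe(secret, sizeof secret);
    _exit(128 + sig);
}

/* Returns a bitmask of failed steps: 1 core limit, 2 dumpable, 4 mlock, 8 handlers. */
int harden_process(void) {
    int failed = 0;
    const int sigs[] = { SIGTERM, SIGINT, SIGHUP, SIGSEGV, SIGABRT };
    struct rlimit no_core = { 0, 0 };
    struct sigaction sa;

    if (setrlimit(RLIMIT_CORE, &no_core) != 0) failed |= 1;    /* no core files */
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0) failed |= 2;  /* no dumps, no same-uid ptrace attach */
    if (mlock(secret, sizeof secret) != 0) failed |= 4;        /* never written to swap */
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fatal;
    sigemptyset(&sa.sa_mask);
    for (size_t i = 0; i < sizeof sigs / sizeof sigs[0]; i++)
        if (sigaction(sigs[i], &sa, NULL) != 0) failed |= 8;
    return failed;
}

int main(void) {
    int failed = harden_process();
    memset(secret, 0xA5, sizeof secret);  /* constructed stand-in for a real key */
    /* ... use the secret ... */
    wipe(secret, sizeof secret);          /* normal exit path */
    return (failed == 0 && secret_is_zero()) ? 0 : 1;
}
```

SIGKILL cannot be caught, so this does not cover `kill -9`; only kernel-side zeroing of freed pages (for example the `init_on_free=1` boot option on Linux 5.3 and later) addresses that case.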

0 Answers