0

O/S has free pool of pages. So different process can release pages into free pool. Before it takes a page from pool O/S zero-out page. Because their may be confidential data on pages. But why it zero-out? Is it necessary? It can't see even if their is confidential data. because address spaces of different process is unique.

What is the reason for zero-out pages before allocate?

Kasun
  • 672
  • 8
  • 18
  • 1
    Already answered [here](https://stackoverflow.com/a/1309314/13020139) and [here](https://stackoverflow.com/questions/786093/does-using-securezeromemory-really-help-to-make-the-application-more-secure) – wxz Feb 20 '21 at 06:39

1 Answers1

3

Processes can see confidential data if the OS lets them.

If process A gets a page of physical memory, and writes confidential data to that page, and then frees it, and then process B gets the same physical page, process B can see the data on that page!

The only reason why process B normally can't see the data is BECAUSE the operating system zeroes it out!

user253751
  • 57,427
  • 7
  • 48
  • 90
  • I understand the concept and rationale for zero on demand pages but I am missing something key about when this is done and if it is always or usually done. When I run my program and try to access an array that has been uninitialized, I get garbage. Why isn't is already set to zero's instead. I would ask the question as a question but I am gunshy after being downvoted for what I thought was a reasonable and reasonably researched question. – ClayD Apr 20 '23 at 03:41
  • @ClayD The OS zeroes pages that it gives to processes. Your array isn't a new page from the OS - it's part of the stack, a bunch of pages which are used by every function call, and there were functions before yours (even before `main`) because of the C library, which is part of your process and not separated from it – user253751 Apr 20 '23 at 09:56