Does Linux process exist information leakage?

Greg Freemyer greg.freemyer at gmail.com
Wed Jan 11 13:44:59 EST 2012 

"夏业添" <summerxyt at gmail.com> wrote:

>Hi,
>   My tutor asked me to test whether one process leaves information in
>memory after it is dead. I tried to search some article about such
>thing on
>the Internet but there seems to be no one discuss about it. And after
>that,
>I tried to write some program in the User Mode to test it, using fork()
>to
>create lots of processes and filling char 'a' into a 102400 bytes char
>array in each process. Then I used malloc() to get some memory to seek
>char
>'a' in a new one process or many new processes, but failed. All memory
>I
>malloced was full of zero.
>   As the man page of malloc said:"The memory is not initialized", I
>believe that the memory which was got by malloc() could be used by
>other
>process, and therefor information leakage exists. But how can I test
>it? Or
>where can I get related information?
>   Thanks!
>_______________________________________________
>Kernelnewbies mailing list
>Kernelnewbies at kernelnewbies.org
>http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

I guess you know what a zombie is?  Someone that is dead, but is still hanging around.

When a linux process dies, it first becomes a zombie and the parent process is signaled.

The parent process at that point can still do various things.  If the parent is a debugger, it can get all sorts of details from the zombie.

When the parent acknowledges the death of child signal, the zombie is really killed and removed from the system tables, etc.

But in my mind when the child process becomes a zombie it is dead and basically everything about the task/process is still maintained in memory.

To test this write a simple c program that initializes some ram then calls exit().

Then run it in a debugger like gdb and see what details you can get out while the program is in a zombie state.

Fyi: I haven't done this in years, so it may not be easy to actually do that.

Greg

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

More information about the Kernelnewbies mailing list