On Sun, 20 Apr 2014 15:00:28 -0400 Nathan Dorfman wrote: > On Sun, Apr 20, 2014 at 2:31 PM, Jamie Landeg-Jones > <jamie@dyslexicfish.net> wrote: > > Once memory has been freed, I thought any attempt by a user process > > to access it would cause a SIGSEV. > > > > I thought the issue was with programs that inadvertantly expose > > (either to read or write) other parts of their active memory. > > > > Of course, if a process rolls it's own in-process implementation > > of malloc/free, then this point is moot, but once you free memory > > back to the system, isn't in no longer accessable anyway? > > free() doesn't usually "free memory back to the system." It just puts > it back onto a "free list" managed by libc, entirely within the > process's address space. It can return the physical memory, but there are a couple of caveats. Firstly, it can only return whole pages. Secondly, it's not returned instantaneously to avoid the overhead of page-faults and zeroing pages if that region is remalloced. It's left to the page-daemon to recover the physical memory in its own time, and it remains readable by it's previous process until it's reassigned. _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"