# How secure is RAM/memory on FreeBSD systems?



## getopt (Aug 7, 2016)

Can any leftover from FreeBSD user applications be found in RAM?

What leftover can probably be found in memory after running FreeBSD user applications i.e. editors or entered passwords/phrases on the command line?

Are there any editors for FreeBSD available that are encrypting their used memory?

What tools can be used for dumping or scanning memory when examining (running) processes? Are savecore(8) and textdump(4) the way to go or are there other utilities more helpful?

What knobs does the FreeBSD OS provide for enhanced memory protection?


----------



## fossette (Aug 7, 2016)

It's a little paranoid, but still a possible vulnerability.  However, it could probably be great for marketing purposes (We have it, they don't!).  My guess (and surely yours) is it's a tradeoff between efficiency and security.  Erasing a memory page just before being replaced by some swapped code/data is secure, but not efficient.  Perhaps an 'easy' way would be creating a tool that reserves a fixed physical memory pool, have the application to be secured run from there, and wipe it out afterward.  The MMU will automatically protect the memory pool against intrusions while in use.  Another alternative is to implement a special file flag that instructs the kernel to automatically disinfect any memory after use.  But for that to happen, someone with serious FreeBSD knowledge will need to push code updates, and I would bet that, for such a slim chance of privacy breach, this issue is not a priority at all in their long task list.

And for your other question, the easiest and fastest way to read the memory would be the use of a logic analyzer.  ;-)  (Sorry, I'm not familiar with all the FreeBSD tools.)

Dominique.


----------



## getopt (Aug 7, 2016)

My intention here is not to collect opinions about paranoia, probability or efficiency. As I did not refer to other OSs I also do not want to compare marketing statements.


----------



## drhowarddrfine (Aug 7, 2016)

I used to read articles about this but it's been quite a while and I remember little about them. You can probably still find them online.

iirc, it was the responsibility of the programmer to clear memory after use but the complaint was that software and hardware memory management may relocate sections of data making it not possible.


----------



## fossette (Aug 7, 2016)

getopt said:


> My intention here is not to collect opinions about paranoia, probability or efficiency.


You cannot avoid it!

Just to go further with the reasoning, an editor/tool can work with encrypted files, but the file content must be decrypted at some point for the editor/tool to work.  And most often, that space is the memory.  So encrypting their used memory?  Perhaps, but a moot point because it will have to be decrypted to be used, and you can't control when the MMU is going to swap the editor/tool out.

Dominique.


----------

