Reputation: 697
I am a little bit confused about this thing. I know that every program written in a language that does not use automatic garbage collection has to free all of its resources before exiting, else memory leaks appear.
My question is, how do these memory leaks lead to information leaks such as leaking passwords etc.?
My understanding is that after a program exits, the memory it was using can be reused or inspected by another program. So if that memory area was not cleared, it will contain some important information such as a password.
Upvotes: 0
Views: 732
Reputation: 26763
It is true that memory which was used by a program might still contain interesting information after it terminated/exited.
That is however also true for a program which does not contain any memory leaks. Correctly freeing allocated memory does not clear it.
It is however very likely that any program which does not correctly free allocated memory, might also fail to safely delete information inside that forgotten/leaked memory.
Note that "leaked" in this case is referring to memory which did not get freed before end of program, ignoring the fact that such memory will be recovered by practically every modern operating system. The memory is available for use by other programs, especially programs being started later.
Operating systems which do delete explicitly or implicitly freed memory are possible, but unlikely outside of dedicated security related use cases.
Above with "deleting explicitly" I mean the program itself writing irrelevant information before freeing. With "deleting implicitly" I mean freeing it is sufficient, the deleting happening somehow during `free()`.
I am using C as an example language, the tag was there but has been deleted (not unreasonably).
Garbage collection (in languages which imply it) does not change anything about this. Garbage collection (while relieving from the duty to correctly free memory) can implicitly overwrite newly re-available memory, but does not guarantee it; exactly as the freeing mechanisms in languages without garbage collection.
Upvotes: 1
Reputation: 1161
The problem is independent of memory leaks and garbage collection.
After memory is no longer needed its content is not removed, it's just marked as free. This way if your application had a password in memory, it can stay there even after the program is quit.
To prevent such leakage of information you actively have to overwrite the spot in memory where you had some critical information stored.
Upvotes: 0
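The point both answers make (freeing only marks memory as reusable, so the secret has to be overwritten first) can be shown in well-defined C. This is an added example, not code from any of the posts: the one-slot allocator, the function names and the sample secret are hypothetical stand-ins, used so that no freed memory from the real `malloc` heap has to be read.

```c
#include <stddef.h>
#include <string.h>

/* Toy one-slot allocator (hypothetical, for illustration): "freeing" only
   flips a flag, the way a real allocator only marks a block as reusable. */
#define SLOT_SIZE 64
static unsigned char slot[SLOT_SIZE];
static int slot_in_use = 0;

static void *slot_alloc(void) {
    if (slot_in_use) return NULL;
    slot_in_use = 1;
    return slot;                      /* contents are NOT cleared here */
}

static void slot_free(void *p) {
    if (p == slot) slot_in_use = 0;   /* marked free, bytes untouched */
}

/* Overwrite through a volatile pointer so the compiler cannot discard the
   stores as dead writes just because the buffer is released afterwards. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* The first owner stores a secret and releases the slot, optionally wiping
   it first. The next owner then allocates the slot and inspects it.
   Returns 1 if the secret is still readable, 0 if not, -1 on failure. */
int secret_survives_release(int wipe_before_free) {
    static const char secret[] = "hunter2-constructed-sample"; /* constructed */
    char *a = slot_alloc();
    if (!a) return -1;
    memcpy(a, secret, sizeof secret);
    if (wipe_before_free) secure_wipe(a, SLOT_SIZE);
    slot_free(a);

    char *b = slot_alloc();           /* the "later program" reuses the memory */
    if (!b) return -1;
    int found = memcmp(b, secret, sizeof secret) == 0;
    secure_wipe(b, SLOT_SIZE);        /* leave the slot clean for the next run */
    slot_free(b);
    return found;
}
```

A plain `memset` immediately before releasing a buffer may be optimized away, which is why the wipe goes through a `volatile` pointer; where the platform provides it, `explicit_bzero` serves the same purpose.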