Issue
I am curious to know what happens to the data of a process in RAM when the process is terminated on popular operating systems like Unix-based systems (GNU/Linux or Mac) and Windows.
Suppose we're developing an application that loads sensitive information such as encryption-keys or passwords into RAM, will this data remain in RAM for another process to access if we don't overwrite it?
I understand that RAM is a type of volatile memory, requiring constant refreshing (re-overwriting with the same value at very short intervals) to keep storing data from a hardware perspective. Does this refreshing process relate to what happens to data after a process is completed, such as the cells not being refreshed and losing their value?
I also have another question related to this matter, In C-like programming languages, if you begin reading from uninitialized bytes of RAM, you'll get random values like:
#include <iostream>
#include <cstring>
using namespace std;
void print_bytes(void *ptr, int size)
{
cout<<"Address : "<<ptr<<endl<<"Size in bytes : "<<size<<endl;
unsigned char *p = (unsigned char *) ptr;
int i;
for (i=size-1; i>=0; i--) {
printf("%02hhX ", p[i]);
}
cout<<endl<<"==================================="<<endl;
}
int main()
{
int a;
float b;
double c;
char d;
string e;
bool f;
print_bytes( &a , sizeof(a) );
print_bytes( &b , sizeof(b) );
print_bytes( &c , sizeof(c) );
print_bytes( &d , sizeof(d) );
print_bytes( &e , sizeof(e) );
print_bytes( &f , sizeof(f) );
return 0;
}
┌──(user㉿dhcppc4)-[~]
└─$ g++ test.cpp && ./a.out 130 ⨯
Address : 0x7fffb762f35c
Size in bytes : 4
00 00 7F FF
===================================
Address : 0x7fffb762f358
Size in bytes : 4
B7 62 F4 88
===================================
Address : 0x7fffb762f350
Size in bytes : 8
2E 78 78 63 62 69 6C 67
===================================
Address : 0x7fffb762f34f
Size in bytes : 1
00
===================================
Address : 0x7fffb762f320
Size in bytes : 32
00 00 7F 1A 6F DF D5 B8 6C 6F 6F 70 5F 68 65 00 00 00 00 00 00 00 00 00 00 00 7F FF B7 62 F3 30
===================================
Address : 0x7fffb762f31f
Size in bytes : 1
00
===================================
What are these values? Is there any chance that these could contain data from a terminated process?
I Also appreciate any introducing of references about this specific topic for further reading.
Solution
Suppose we're developing an application that loads sensitive information such as encryption-keys or passwords into RAM, will this data remain in RAM for another process to access if we don't overwrite it?
It remains in RAM, but no other process can access it.
Access to RAM is mediated by the virtual memory subsystem. A process can only access the pages of RAM that correspond to pages of its virtual memory.
When a process gets a new page of virtual memory, and RAN is assigned to it, the RAM is zeroed to prevent reading any data left over from the previous process that was using that RAM page.
Answered By - Barmar Answer Checked By - Willingham (WPSolving Volunteer)