Databases
StackOverflow2013
Postsdbo
POHow to overwrite php memory for security reason?
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POHow to overwrite php memory for security reason?
    text
    copied!<p>I am actually working on a security script and it seems that I meet a problem with PHP and the way PHP uses memory.</p> <p>my.php:</p> <pre><code>&lt;?php // Display current PID echo 'pid= ', posix_getpid(), PHP_EOL; // The user type a very secret key echo 'Fill secret: '; $my_secret_key = trim(fgets(STDIN)); // 'Destroty' the secret key unset($my_secret_key); // Wait for something echo 'waiting...'; sleep(60); </code></pre> <p>And now I run the script:</p> <pre><code>php my.php pid= 1402 Fill secret: AZERTY &lt;= User input waiting... </code></pre> <p>Before the script end (while sleeping), I generate a core file sending SIGSEV signal to the script</p> <pre><code>kill -11 1402 </code></pre> <p>I inspect the corefile:</p> <pre><code> strings core | less </code></pre> <p>Here is an extract of the result:</p> <pre><code>... fjssdd sleep STDIN AZERTY &lt;==== this is the secret key zergdf ... </code></pre> <p>I understand that the memory is just released with the unset and not 'destroyed'. The data are not really removed (a call to the free() function)</p> <p>So if someone dumps the memory of the process, even after the script execution, he could read $my_secret_key (until the memory space will be overwritten by another process)</p> <p>Is there a way to overwrite this memory segment of the full memory space after the PHP script execution?</p> <hr> <p>Thanks to all for your comments.</p> <p>I already now how memory is managed by the system.</p> <p>Even if PHP doesn't use malloc and free (but some edited versions like emalloc or efree), it seems (and I understand why) it is simply impossible for PHP to 'trash' after freeing disallowed memory.</p> <p>The question was more by curiosity, and every comments seems to confirm what I previously intend to do: write a little piece of code in a memory aware language (c?) to handle this special part by allocating a simple string with malloc, overwriting with XXXXXX after using THEN freeing.</p> <p>Thanks to all</p> <p>J</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload