What is User Password Persisted in Memory Vulnerability?

The hardware provides different levels of privilege. The kernel is the critical component of the operating system that runs at the highest privilege level (yes, I realize virtualization complicates this) and regulates the privilege levels of everything else. Applications run at a lower level, and the kernel forbids them from reading or writing each other’s memory. The kernel hands RAM to applications in the form of pages (usually 4 or 8 kB). Any program that attempts to access a page belonging to another application is blocked and severely punished by the kernel (“segmentation fault”, “general protection fault”…).

When an application no longer requires a page (for example, when it exits), the kernel takes the page back and may assign it to another process. Modern operating systems “blank” pages before handing them out again, where “blanking” means “filling with zeros.” This prevents data from leaking from one process to another. It should be noted that Windows 95/98/Millennium did not blank pages, so leaks were possible… but those operating systems were designed for a single user per computer.

There are ways around the kernel’s wrath: a few doors are open to applications with “enough privilege” (not the same kind of privilege as the hardware levels above). On a Linux system, this is ptrace(). Through ptrace(), the kernel allows one process to read and write the memory of another, provided that both processes run under the same user ID or that the one calling ptrace() is a “root” process. Windows has a similar facility.

The bottom line is that passwords in RAM are no more secure than what the operating system permits. By keeping private data in a process’s memory, you are trusting the operating system not to give it away to third parties. The operating system had better be your friend, because if it is your adversary, you are doomed.
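The following C program is an added example (not code from the original article) that makes the two points above concrete on a Linux/POSIX system. It first maps a fresh anonymous page and counts non-zero bytes, showing the kernel's "blanking" of pages before they are lent out. It then shows what a process can do on its own side of the trust boundary: wipe a password buffer through a volatile pointer (so the compiler cannot discard the store as a dead write), lock the pages so they are not written to swap, and, on Linux, clear the "dumpable" flag so that same-UID non-root processes are refused ptrace() access and no core dump is produced. All function names (`count_nonzero_in_fresh_page`, `secure_wipe`, `wipe_and_count`, `wipe_demo`, `harden_secret_buffer`) and the sample password are the example's own constructions; `mmap`, `mlock`, `prctl(PR_SET_DUMPABLE, ...)` are the real system calls.

```c
// Added example: demonstrates kernel page blanking and in-process secret
// hygiene. Function names and sample data are constructed for this example.
#define _GNU_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif

// Map one fresh anonymous page and return how many of its bytes are non-zero.
// Expected: 0, because the kernel blanks pages before handing them out.
// Returns (size_t)-1 if the mapping itself fails.
size_t count_nonzero_in_fresh_page(void) {
    long ps = sysconf(_SC_PAGESIZE);
    size_t page = ps > 0 ? (size_t)ps : 4096;
    unsigned char *p = mmap(NULL, page, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return (size_t)-1;
    size_t nonzero = 0;
    for (size_t i = 0; i < page; i++) nonzero += (p[i] != 0);
    munmap(p, page);
    return nonzero;
}

// Overwrite a secret with zeros through a volatile pointer so the compiler
// cannot drop the stores as "dead writes" (the classic pitfall with a plain
// memset() on a buffer that is never read again).
void secure_wipe(void *buf, size_t len) {
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--) *p++ = 0;
}

// Wipe buf and return the number of non-zero bytes that survived (0 on success).
size_t wipe_and_count(unsigned char *buf, size_t len) {
    secure_wipe(buf, len);
    size_t nonzero = 0;
    for (size_t i = 0; i < len; i++) nonzero += (buf[i] != 0);
    return nonzero;
}

// Self-contained check: fill a stack buffer with a constructed secret pattern,
// wipe it, and report how many bytes are left standing.
size_t wipe_demo(void) {
    unsigned char secret[32];
    memset(secret, 0xAA, sizeof secret);   // constructed "secret" content
    return wipe_and_count(secret, sizeof secret);
}

// Shrink the window in which a password sits in RAM: pin the pages so they are
// not paged out to swap, and on Linux clear the dumpable flag so that same-UID
// non-root processes cannot ptrace() us and no core dump is written.
// mlock() can fail under RLIMIT_MEMLOCK; we report that rather than abort,
// because none of this protects against root or the kernel itself.
int harden_secret_buffer(void *buf, size_t len) {
    int rc = mlock(buf, len) == 0 ? 0 : -1;
#ifdef __linux__
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0) rc = -1;
#endif
    return rc;
}

int main(void) {
    unsigned char password[32] = {0};
    memcpy(password, "correct horse battery staple", 28); // constructed sample
    int hardened = harden_secret_buffer(password, sizeof password);
    printf("non-zero bytes in a fresh page: %zu\n", count_nonzero_in_fresh_page());
    printf("hardening: %s\n",
           hardened == 0 ? "applied" : "partially failed (check RLIMIT_MEMLOCK)");
    /* ... the password would be used here, e.g. for a key derivation ... */
    printf("non-zero bytes after wipe: %zu\n",
           wipe_and_count(password, sizeof password));
    munlock(password, sizeof password);
    return 0;
}
```

Note the asymmetry the article describes: `secure_wipe` and `mlock` only reduce how long the secret is exposed, and `PR_SET_DUMPABLE` only narrows which of your own processes may read it; a root process, or the operating system itself, is never stopped by anything in this program.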

The ZOFixer.com security scan helps find this vulnerability in your web application; you can use it by registering on our website and activating the 30-day trial.
