
Possible to leak in-memory data from one iOS app to another?

Preface: I'm not an iOS developer and know next to nothing about the iOS security model. So forgive me if this question is truly dumb. :)

Consider an app, called MyApp, that does the following when launched:

  1. Dynamically allocates a chunk of memory, say using malloc().
  2. Loads some sensitive data over the network and stores it in that chunk of memory.
  3. Sits there doing nothing.

Now consider the following scenario:

  1. User launches MyApp.
  2. User closes MyApp.
  3. User launches SomeOtherApp.

My question: If SomeOtherApp also dynamically allocates memory is it possible that one of the buffers returned by the OS will contain the sensitive data placed there by the (now closed) invocation of MyApp?

Or are the contents of RAM treated as part of the sandbox in which an app runs?

Theoretically once the user closes the app (you have to make sure that the app is closed and not just running in the background) the memory that was allocated to that process is deallocated and returned.

To quote from a tutorial on ARC:

"With Automatic Reference Counting enabled, the compiler will automatically insert retain, release and autorelease in the correct places in your program. You no longer have to worry about any of this, because the compiler does it for you."

So when an app closes, all references to any objects which had some sort of memory allocation will be cleared because there will be no objects to reference when the app is not running.

The reason that I say that you have to make sure that it is closed is because some apps, by default, will not close when you press the home button, but will in fact continue to run in the background. This might cause a potential security threat, but it is unlikely. To ensure that NO memory is still being held on to by that app, make sure that it actually fully closes each time. Make sure that the code is done right and that the person who is writing it knows and is keeping track of the memory that he allocates.

If security is a big issue, then make sure that all of the memory that does get allocated gets properly deallocated in your code. Then make sure that you do an insane amount of testing for memory leaks and whatnot to make sure that no object is left lying with some amount of memory.

I would just like to say that I am not a professional on memory management or even ARC, so it would be best to check with a couple other sources to ensure that my answer is correct.

If I have spoken in error, someone hit me.
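
An added illustration of the scenario in the question (not part of the original question or answer, and written as plain Linux/macOS userland C rather than iOS-specific code): anonymous pages that the kernel maps into a process arrive zero-filled, while free() inside a running process clears nothing, so the code checks the first and wipes the buffer before the second. The function names and the sample secret are constructed for this example.

```c
#define _DEFAULT_SOURCE          /* exposes MAP_ANONYMOUS on glibc */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

/* Zero a buffer through a volatile pointer so the compiler cannot
 * discard the stores as dead code just because free() follows. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Number of non-zero bytes in a region. */
static size_t count_nonzero(const unsigned char *p, size_t n) {
    size_t c = 0;
    for (size_t i = 0; i < n; i++) c += (p[i] != 0);
    return c;
}

/* What a freshly launched process sees: ask the kernel for new anonymous
 * pages and count non-zero bytes. Returns (size_t)-1 if mmap fails. */
size_t fresh_pages_nonzero(size_t len) {
    unsigned char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return (size_t)-1;
    size_t c = count_nonzero(p, len);
    munmap(p, len);
    return c;
}

/* MyApp's pattern from the question, with a wipe before free().
 * Returns the non-zero bytes left in the buffer at the moment it is freed. */
size_t hold_then_release(const char *secret) {
    size_t n = strlen(secret) + 1;
    unsigned char *buf = malloc(n);
    if (!buf) return (size_t)-1;
    memcpy(buf, secret, n);      /* stands in for data loaded over the network */
    secure_wipe(buf, n);         /* free() alone leaves these bytes in the heap */
    size_t left = count_nonzero(buf, n);
    free(buf);
    return left;
}

int main(void) {
    printf("non-zero bytes in fresh pages: %zu\n", fresh_pages_nonzero(1 << 20));
    printf("non-zero bytes left at free:   %zu\n",
           hold_then_release("constructed-sample-secret"));
    return 0;
}
```

The wipe matters for the lifetime of the running process (heap reuse, crash dumps, a backgrounded app); the zero-fill check covers the hand-off of physical pages to a different process.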
