Is there any Linux distro or kernel patch that wipes a process memory space after the process exits?
Linux zeroes out (i.e. fills with zeros) all pages of memory not when they are released, but when they are given to another process. Thus, no process may obtain data excerpts from another process. However, the pages will retain their old contents until they are reused. I am not aware of any patch which does the zeroing upon page release (Edit: as @user2313067 points out in his answer, the PaX patch offers this option, at a cost which may or may not be a problem on any given system); on a general basis, it would be detrimental to performance because it would fill caches with the zeros, evicting more "useful" data (and that's not counting swap space, which your embedded device probably lacks, but most Linux systems out there have swap).
You can force a sort-of wipeout of data by simply allocating every possible page from another process. Something like this:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int
main(void)
{
for (;;) {
void *x = malloc(2000);
if (x == NULL) {
break;
}
memset(x, 'T', 2000);
}
return 0;
}
If you run this program as root
, then it grabs all available memory and fills it (in order to force actual allocation), exiting only when there is no memory left. Running as root
is needed because the kernel reserves the last few pages to root
.
Note that filling memory up triggers OOM conditions, at which point the kernel feels allowed to shoot processes in order to make some room. This happens only when there is no free page left, i.e. the state that you want to achieve (no free page left means that all old pages have been reallocated, and therefore zeroed out). It is a kind of suicide for the OS, because the OOM handling code may kill some essential processes (it tries not to, but hey, these are just heuristics). However, this seems appropriate in your case: if tampering is detected, the device has no choice except honourable disembowelment.
So you just have to launch your critical application in a wrapper (a simple script) which launches the above program when the critical application exits (presumably because of detected tampering).
Grsecurity has PAX_MEMORY_SANITIZE to do this. See the option on this page.