Re: Shared system resources

Поиск
Список
Период
Сортировка
От oleg yusim
Тема Re: Shared system resources
Дата
Msg-id CAKd4e_FLd+00YzaZGiu054f=FAWQUbzD0tapPNHFT_vXcYxtwA@mail.gmail.com
обсуждение исходный текст
Ответ на Re: Shared system resources  (George Neuner <gneuner2@comcast.net>)
Ответы Re: Shared system resources  (David Wilson <dw+pg@hmmz.org>)
Список pgsql-general
Дерево обсуждения
HI George,

Thanks, this information clears the situation. Now, question to you and David.

May we run into situation, when attacker dumps memory and analyses it for valuable content, instead of reserving it for own process, where it would be zeroed? My understanding, it is a possibility. Does kernel have any safeguard against it?

Thanks,

Oleg

On Wed, Dec 23, 2015 at 2:13 AM, George Neuner <gneuner2@comcast.net> wrote:
On Tue, 22 Dec 2015 23:21:27 +0000, David Wilson <dw+pg@hmmz.org>
wrote:

>On Linux the memory pages of an exiting process aren't sanitized at
>exit, however it is impossible(?) for userspace to reallocate them
>without the kernel first zeroing their contents.

Not impossible, but it requires a non-standard kernel.

Since 2.6.33, mmap() accepts the flag MAP_UNINITIALIZED which allows
pages to be mapped without being cleared.  The flag has no effect
unless the kernel was built with CONFIG_MMAP_ALLOW_UNINITIALIZED.


No mainstream distro enables this.  AFAIK, there is NO distro at all
that enables it ... it's too big a security risk for a general purpose
system.  It's intended to support embedded systems where the set of
programs is known.

George



--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general

В списке pgsql-general по дате отправления:

Предыдущее
От: Kevin Grittner
Дата:
Сообщение: Re: Secret Santa List
Следующее
От: David Wilson
Дата:
Сообщение: Re: Shared system resources