Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

lockedpool: When possible, use madvise to avoid including sensitive information in core dumps or forked process memory spaces #15600

Closed
wants to merge 1 commit into from

Conversation

Projects
None yet
2 participants
@luke-jr
Copy link
Member

commented Mar 14, 2019

If we're mlocking something, it's because it's sensitive information. Therefore, don't include it in core dump files, and unmap it from forked processes.

The return value is not checked because the madvise calls might fail on older kernels as a rule (unsure).

lockedpool: When possible, use madvise to avoid including sensitive i…
…nformation in core dumps or forked process memory spaces

@luke-jr luke-jr force-pushed the luke-jr:lockedpool_dontdump branch from b021868 to 23d5d9a Mar 14, 2019

@luke-jr

This comment has been minimized.

Copy link
Member Author

commented May 5, 2019

No apparent reviewer interest, and it seems to break -daemon with no obvious solution.

@luke-jr luke-jr closed this May 5, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.