Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
08-11-2007, 11:47 PM
|
#1
|
Senior Member
Registered: Jan 2006
Location: Charleston, SC, USA
Distribution: Debian, Gentoo, Ubuntu, RHEL
Posts: 1,148
Rep:
|
Preventing Swap?
I have three separate but related questions. Perhaps they belong in Programming, but it is Linux- and security- specific, so I thought here would be a good place.
Is there any way for an application to request that it's memory space never be sent to swap. For instance, say I write an encryption-related application that must store plaintext in memory. I wouldn't want that to get swapped, as that leaves it somewhat vulnerable. In this case I would rather the kernel rudely kill my process than swap it.
The second question is, does the kernel ever swap any part of itself? I would imagine not, but I suppose what I'm asking is, would it work as a dirty hack to simply move the code into kernel-space?
And the final question: assuming that an application can't request to be swapped, how difficult would it be to implement that into the kernel? I'm imagining that would require digging into the guts of the kernel's memory management and process management, so pretty difficult. However, I have never even touched kernel development, so could someone clue me in to exactly the level of impracticality in implementing that?
|
|
|
08-12-2007, 12:59 AM
|
#2
|
LQ Guru
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507
Rep:
|
I would look at the mlock() call. It does exactly what you want. Be careful not to lock too much memory, of course... I would only lock parts that MUST be secure.
|
|
|
08-12-2007, 01:00 AM
|
#3
|
Senior Member
Registered: Jan 2006
Location: Charleston, SC, USA
Distribution: Debian, Gentoo, Ubuntu, RHEL
Posts: 1,148
Original Poster
Rep:
|
Thank you greatly. I *knew* I couldn't be the first to want that.
|
|
|
08-12-2007, 01:03 AM
|
#4
|
LQ Guru
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507
Rep:
|
Nope... it's commonly used by processes like gpg, gpg-agent, ssh-agent, and other encryption apps.
|
|
|
08-12-2007, 02:01 AM
|
#5
|
LQ Veteran
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 21,253
|
Of course you could also just encrypt the swap space.
Always more than one answer.
|
|
|
08-12-2007, 06:30 AM
|
#6
|
LQ Newbie
Registered: Aug 2007
Location: United Kingdom
Distribution: Ubuntu
Posts: 3
Rep:
|
A friend who's a computer security academic suggested that both (i) locking memory and (ii) encrypting swap space were problematic: (i) because any selfish program could make itself run faster by preventing itself swapping at the expense of forcing others to swap more and (ii) because you have the possibility of accidentally encrypting the swap space key and therefore losing the ability to decrypt swap. Perhaps he was being too pessimistic...
|
|
|
08-12-2007, 07:22 AM
|
#7
|
LQ Veteran
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 21,253
|
I was about to make a few choice comments re academics, but decided to resist.
Sufficed to note that he offerred no solution.
Sheesh ...
|
|
|
All times are GMT -5. The time now is 09:54 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|