Talk about the mprotect and mlock syscalls.

This commit is contained in:
Philippe PITTOLI 2024-05-17 19:52:36 +02:00
parent 8717709a2c
commit 01a1a34430

View File

@ -888,10 +888,12 @@ However, a few security mechanisms exist to prevent data leak or data modificati
.B "Preventing data leak" .
Since DODB is a library, any attack on the application using it can lead to a data leak.
For the moment, any part of the application can access data stored in memory.
Operating systems provide system calls to protect parts of the allocated memory;
.FUNCTION_CALL mlock ,
Operating systems provide system calls to protect parts of the allocated memory:
.FUNCTION_CALL mlock
prevents a region of memory from being put in the swap,
.FUNCTION_CALL mprotect
prevents a region of memory from being put in the swap.
prevents the application itself to access part of its own memory unless
.TBD
.B "Discussion on security, not related to DODB" .
No authorization mechanism prevents the application to access un-authorized data, including, but not limited to, any file on the file-system.