From 01a1a344308b8d714502e31a2e26955d77142ec2 Mon Sep 17 00:00:00 2001 From: Philippe PITTOLI Date: Fri, 17 May 2024 19:52:36 +0200 Subject: [PATCH] Talk about the mprotect and mlock syscalls. --- graphs/graphs.ms | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/graphs/graphs.ms b/graphs/graphs.ms index 0f0ae2f..2fbcd98 100644 --- a/graphs/graphs.ms +++ b/graphs/graphs.ms @@ -888,10 +888,12 @@ However, a few security mechanisms exist to prevent data leak or data modificati .B "Preventing data leak" . Since DODB is a library, any attack on the application using it can lead to a data leak. For the moment, any part of the application can access data stored in memory. -Operating systems provide system calls to protect parts of the allocated memory; -.FUNCTION_CALL mlock , +Operating systems provide system calls to protect parts of the allocated memory: +.FUNCTION_CALL mlock +prevents a region of memory from being put in the swap, .FUNCTION_CALL mprotect -prevents a region of memory from being put in the swap. +prevents the application itself to access part of its own memory unless +.TBD .B "Discussion on security, not related to DODB" . No authorization mechanism prevents the application to access un-authorized data, including, but not limited to, any file on the file-system.
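Review bot: the new mprotect sentence in the "Preventing data leak" paragraph ends on "unless" followed by a bare `.TBD`, so the rendered document will state a restriction without the condition that lifts it. Either finish the clause in this commit or drop "unless" until the text is ready; since mprotect changes the access permissions of a page-aligned region and those stay in effect until a later mprotect call changes them, something like "unless the application first restores access with another mprotect call" would complete it. While touching these lines, "prevents the application itself to access" should read "prevents the application itself from accessing", and "being put in the swap" in the mlock line reads better as "being swapped out". With the comma gone, the two `.FUNCTION_CALL` sentences now run together as "prevents a region of memory from being put in the swap, mprotect prevents ...", so a "while" or a sentence break between them would help.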