Talk about the mprotect and mlock syscalls.

Philippe PITTOLI 2024-05-17 19:52:36 +02:00
parent 8717709a2c
commit 01a1a34430

@ -888,10 +888,12 @@ However, a few security mechanisms exist to prevent data leak or data modificati
.B "Preventing data leak" . .B "Preventing data leak" .
Since DODB is a library, any attack on the application using it can lead to a data leak. Since DODB is a library, any attack on the application using it can lead to a data leak.
For the moment, any part of the application can access data stored in memory. For the moment, any part of the application can access data stored in memory.
Operating systems provide system calls to protect parts of the allocated memory; Operating systems provide system calls to protect parts of the allocated memory:
.FUNCTION_CALL mlock , .FUNCTION_CALL mlock
prevents a region of memory from being put in the swap,
.FUNCTION_CALL mprotect .FUNCTION_CALL mprotect
prevents a region of memory from being put in the swap. prevents the application itself to access part of its own memory unless
.TBD
.B "Discussion on security, not related to DODB" . .B "Discussion on security, not related to DODB" .
No authorization mechanism prevents the application to access un-authorized data, including, but not limited to, any file on the file-system. No authorization mechanism prevents the application to access un-authorized data, including, but not limited to, any file on the file-system.
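Review bot: The new mprotect description stops mid-sentence at "unless", and the added .TBD right after it leaves the condition for regaining access unstated. Either finish the clause (for example, unless the protection is changed back with another mprotect call) or end the sentence at "its own memory" until the text is ready. Also, "prevents the application itself to access" should read "prevents the application itself from accessing", and since the mlock line now ends with a comma, the two items would read better joined with "and" or split into two sentences.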