Talk about the mprotect and mlock syscalls.
This commit is contained in:
parent
8717709a2c
commit
01a1a34430
@ -888,10 +888,12 @@ However, a few security mechanisms exist to prevent data leak or data modificati
|
||||
.B "Preventing data leak" .
|
||||
Since DODB is a library, any attack on the application using it can lead to a data leak.
|
||||
For the moment, any part of the application can access data stored in memory.
|
||||
Operating systems provide system calls to protect parts of the allocated memory;
|
||||
.FUNCTION_CALL mlock ,
|
||||
Operating systems provide system calls to protect parts of the allocated memory:
|
||||
.FUNCTION_CALL mlock
|
||||
prevents a region of memory from being put in the swap,
|
||||
.FUNCTION_CALL mprotect
|
||||
prevents a region of memory from being put in the swap.
|
||||
prevents the application itself to access part of its own memory unless
|
||||
.TBD
|
||||
|
||||
.B "Discussion on security, not related to DODB" .
|
||||
No authorization mechanism prevents the application to access un-authorized data, including, but not limited to, any file on the file-system.
|
||||
|
Loading…
Reference in New Issue
Block a user