Baguette/dodb.cr
3
0
Fork 1
Code Issues Pull Requests Releases Wiki Activity

Talk a bit more about mlock and mprotect.

Browse Source
This commit is contained in:
Philippe PITTOLI 2024-05-18 12:58:04 +02:00
parent 01a1a34430
commit ef92be31cc
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
graphs/graphs.ms
View File

@ -888,11 +888,14 @@ However, a few security mechanisms exist to prevent data leak or data modificati
.B "Preventing data leak" . .B "Preventing data leak" .
Since DODB is a library, any attack on the application using it can lead to a data leak. Since DODB is a library, any attack on the application using it can lead to a data leak.
For the moment, any part of the application can access data stored in memory. For the moment, any part of the application can access data stored in memory.
Operating systems provide system calls to protect parts of the allocated memory: Operating systems provide system calls to protect parts of the allocated memory.
For instance,
.FUNCTION_CALL mlock .FUNCTION_CALL mlock
prevents a region of memory from being put in the swap, prevents a region of memory from being put in the swap, which may lead to a data leak.
Also,
.FUNCTION_CALL mprotect .FUNCTION_CALL mprotect
prevents the application itself to access part of its own memory unless prevents the application itself to access part of its own memory;
the idea is to read (or write) memory only once you ask for it via a syscall, so you cannot access it from anywhere by mistake (or after an attack).
.TBD .TBD
.B "Discussion on security, not related to DODB" . .B "Discussion on security, not related to DODB" .