Talk a bit more about mlock and mprotect.
This commit is contained in:
parent
01a1a34430
commit
ef92be31cc
@ -888,11 +888,14 @@ However, a few security mechanisms exist to prevent data leak or data modificati
|
|||||||
.B "Preventing data leak" .
|
.B "Preventing data leak" .
|
||||||
Since DODB is a library, any attack on the application using it can lead to a data leak.
|
Since DODB is a library, any attack on the application using it can lead to a data leak.
|
||||||
For the moment, any part of the application can access data stored in memory.
|
For the moment, any part of the application can access data stored in memory.
|
||||||
Operating systems provide system calls to protect parts of the allocated memory:
|
Operating systems provide system calls to protect parts of the allocated memory.
|
||||||
|
For instance,
|
||||||
.FUNCTION_CALL mlock
|
.FUNCTION_CALL mlock
|
||||||
prevents a region of memory from being put in the swap,
|
prevents a region of memory from being put in the swap, which may lead to a data leak.
|
||||||
|
Also,
|
||||||
.FUNCTION_CALL mprotect
|
.FUNCTION_CALL mprotect
|
||||||
prevents the application itself to access part of its own memory unless
|
prevents the application itself to access part of its own memory;
|
||||||
|
the idea is to read (or write) memory only once you ask for it via a syscall, so you cannot access it from anywhere by mistake (or after an attack).
|
||||||
.TBD
|
.TBD
|
||||||
|
|
||||||
.B "Discussion on security, not related to DODB" .
|
.B "Discussion on security, not related to DODB" .
|
||||||
|
Loading…
Reference in New Issue
Block a user