Talk a bit more about mlock and mprotect.
parent
01a1a34430
commit
ef92be31cc
@ -888,11 +888,14 @@ However, a few security mechanisms exist to prevent data leak or data modificati
|
||||
.B "Preventing data leak" .
|
||||
Since DODB is a library, any attack on the application using it can lead to a data leak.
|
||||
For the moment, any part of the application can access data stored in memory.
|
||||
Operating systems provide system calls to protect parts of the allocated memory:
|
||||
Operating systems provide system calls to protect parts of the allocated memory.
|
||||
For instance,
|
||||
.FUNCTION_CALL mlock
|
||||
prevents a region of memory from being put in the swap,
|
||||
prevents a region of memory from being put in the swap, which may lead to a data leak.
|
||||
Also,
|
||||
.FUNCTION_CALL mprotect
|
||||
prevents the application itself to access part of its own memory unless
|
||||
prevents the application itself to access part of its own memory;
|
||||
the idea is to read (or write) memory only once you ask for it via a syscall, so you cannot access it from anywhere by mistake (or after an attack).
|
||||
.TBD
|
||||
|
||||
.B "Discussion on security, not related to DODB" .
|
||||
|
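Review bot: In the new mlock sentence, "prevents a region of memory from being put in the swap, which may lead to a data leak" reads as if mlock itself causes the leak, because the relative clause attaches to the whole statement rather than to swapping. Suggest something like "prevents a region of memory from being written to swap, where it could otherwise leak". In the mprotect sentence, "prevents the application itself to access" should be "prevents the application itself from accessing". The added line "read (or write) memory only once you ask for it via a syscall" does not say which call re-enables access or that access has to be revoked again afterwards; naming mprotect for both steps would make the mechanism clear. Since mprotect applies to whole pages, it may also be worth stating that the protected data needs its own page-aligned region, and that the memory is reachable by the whole process while it is unprotected.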