Talk a bit more about mlock and mprotect.

This commit is contained in:
Philippe PITTOLI 2024-05-18 12:58:04 +02:00
parent 01a1a34430
commit ef92be31cc

View File

@ -888,11 +888,14 @@ However, a few security mechanisms exist to prevent data leak or data modificati
.B "Preventing data leak" .
Since DODB is a library, any attack on the application using it can lead to a data leak.
For the moment, any part of the application can access data stored in memory.
Operating systems provide system calls to protect parts of the allocated memory:
Operating systems provide system calls to protect parts of the allocated memory.
For instance,
.FUNCTION_CALL mlock
prevents a region of memory from being put in the swap,
prevents a region of memory from being put in the swap, which may lead to a data leak.
Also,
.FUNCTION_CALL mprotect
prevents the application itself to access part of its own memory unless
prevents the application itself to access part of its own memory;
the idea is to read (or write) memory only once you ask for it via a syscall, so you cannot access it from anywhere by mistake (or after an attack).
.TBD
.B "Discussion on security, not related to DODB" .