Inhibiting swapping with mlock
Dug Song
dugsong at monkey.org
Fri Jan 14 06:36:02 EST 2000
On Thu, 13 Jan 2000, Phil Karn wrote:
> The Linux kernel provides a system call, mlock(), that inhibits
> swapping of a specified region of virtual memory. It locks it into
> real memory.
>
> I see no calls to mlock anywhere in ssh.
OpenBSD supports swap encryption instead. Shouldn't be hard to port to
Linux.
option UVM_SWAP_ENCRYPT
Enables kernel support for encrypting pages that are written out to swap
storage. Swap encryption prevents sensitive data from remaining on the
disk even after the operating system has been shut down. This option
should be turned on if cryptographic filesystems are used. The sysctl
variable vm.swapencrypt controls its behaviour. See sysctl(8) and
sysctl(3) for details.
-d.
---
http://www.monkey.org/~dugsong/