Locking pages in core

Kevin Steves stevesk at sweden.hp.com
Mon Nov 6 07:29:46 EST 2000

On Tue, 31 Oct 2000, Jason Stone wrote:
: Is there any interest in using mlock to lock pages in core so that
: potentially sensitive data won't get swapped out to disk?  (GnuPG, for
: example, does this).
: There was a thread on this a long time ago, and it degenerated into a
: discussion of crypto-swap, but the question was never answered.
: Is there a good reason not to do this?  The only one I can think of is
: that we'll need to make ssh-agent setuid as mlock requires root
: priveleges.

I think it's worthwhile to pursue this.  My first thought is some type
of secmem library ala gpg.  I think OpenSSH is already careful about
clearing buffers that have held sensitive data asap, but it would be
better to place this data in non-swapable segments in the first place.

For HP-UX:

11.0 support mlock(2) and it doesn't require root if you use the
privgrp(4) mechanism.

10.20 has plock(2) which isn't as fine-grained as mlock() and basically
permits you to lock the entire data segment.  plock() supports privgrp
as well.  I think there's an mlock() stub in libc that will just raise

More information about the openssh-unix-dev mailing list