Locking pages in core

Damien Miller djm at mindrot.org
Mon Nov 6 09:21:20 EST 2000


On Sun, 5 Nov 2000, Kevin Steves wrote:

> I think it's worthwhile to pursue this.  My first thought is some type
> of secmem library ala gpg.  I think OpenSSH is already careful about
> clearing buffers that have held sensitive data asap, but it would be
> better to place this data in non-swappable segments in the first place.
 
A secmem library would be the way to go, but it would best be done in
conjunction with the OpenSSL people - there is a fair bit of mallocing
and private data (random pools, etc) on their side of the fence. Perhaps
such a library would be best incorporated into OpenSSL.

-d

-- 
| ``We've all heard that a million monkeys banging on | Damien Miller -
| a million typewriters will eventually reproduce the | <djm at mindrot.org>
| works of Shakespeare. Now, thanks to the Internet, / 
| we know this is not true.'' - Robert Wilensky UCB / http://www.mindrot.org
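
The idea discussed in this message (hold sensitive data in memory that cannot be swapped, and clear it as soon as it is no longer needed), as an added example that is not part of the original message and is not OpenSSH, OpenSSL or gpg code. The `secmem_*` names and the struct are hypothetical, and a POSIX system with `mmap()` and `mlock()` is assumed.

```c
#define _DEFAULT_SOURCE          /* for MAP_ANONYMOUS on glibc */
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical secmem-style region: whole pages, pinned in RAM if allowed. */
struct secmem {
    void  *base;    /* page-aligned anonymous mapping */
    size_t len;     /* mapping length, a multiple of the page size */
    int    locked;  /* 1 if mlock() succeeded, 0 if pages may still swap */
};

/* Zero through a volatile pointer so the stores are not optimised away. */
void secmem_wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--)
        *v++ = 0;
}

/* Map enough pages for `want` bytes and try to lock them. 0 on success. */
int secmem_init(struct secmem *s, size_t want)
{
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0 || want == 0 || want > (size_t)-1 - (size_t)pg)
        return -1;
    size_t len = (want + (size_t)pg - 1) / (size_t)pg * (size_t)pg;
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    /* mlock() fails if RLIMIT_MEMLOCK is too low; the caller checks `locked`. */
    s->locked = (mlock(p, len) == 0);
    s->base = p;
    s->len = len;
    return 0;
}

/* Wipe first, then unlock and unmap, so released pages hold no secrets. */
int secmem_destroy(struct secmem *s)
{
    secmem_wipe(s->base, s->len);
    if (s->locked)
        munlock(s->base, s->len);
    int rc = munmap(s->base, s->len);
    s->base = NULL;
    s->len = 0;
    s->locked = 0;
    return rc;
}
```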






