[PATCH] exitz syscall

Linus Torvalds torvalds at linux-foundation.org
Sun Nov 12 18:50:10 UTC 2023


On Sun, 12 Nov 2023 at 07:44, Theodore Ts'o <tytso at mit.edu> wrote:
>
> How about adding a flag MLOCK_ZERO_ON_FREE used by the mlock2() system
> call?  The number of pages which an unprivileged process can lock is
> already capped via RLIMIT_MEMLOCK (or else mlock would be it own
> denial of service attack).  That way if process dies from crash, the
> keys would be zero'ed.

Yes, that is a lot better as an interface.

However, it still needs to also make sure that the memory in question
is not file-backed etc. Which the patch I saw didn't seem to do
either.

End result: as it was, that exitz patch was not helping security. It
was anything but.

              Linus



More information about the Linux-security-module-archive mailing list