[PATCH] exitz syscall
Linus Torvalds
torvalds at linux-foundation.org
Sun Nov 12 18:50:10 UTC 2023
On Sun, 12 Nov 2023 at 07:44, Theodore Ts'o <tytso at mit.edu> wrote:
>
> How about adding a flag MLOCK_ZERO_ON_FREE used by the mlock2() system
> call? The number of pages which an unprivileged process can lock is
> already capped via RLIMIT_MEMLOCK (or else mlock would be it own
> denial of service attack). That way if process dies from crash, the
> keys would be zero'ed.
Yes, that is a lot better as an interface.
However, it still needs to also make sure that the memory in question
is not file-backed etc. Which the patch I saw didn't seem to do
either.
End result: as it was, that exitz patch was not helping security. It
was anything but.
Linus
More information about the Linux-security-module-archive
mailing list