OSEC

 
From: Joel Sing (jsingorigin.net.au)
Date: Fri Jun 22 2001 - 10:31:33 CDT


    Hi All,

    > > > - memlock - max locked-in-memory address space (KB)
    > > AFAIK, `locked-in-memory' must be viewed in contrast to `swapped out'.
    >
    >Real close. :) There are flags that can be set to tell the memory
    >management system to not swap the 'locked' memory spaces. (Think of the
    >old behavior of the sticky bit on executables.) Honestly, I do not know
    >if this is still allowed in modern *nix kernels, though I think it is.

    Certainly hope it is :) This is an especially important feature when
    dealing with cryptographic systems. If a password or pass phrase is read
    into memory and the page gets swapped out to disk, a copy of the private
    data gets written to disk and can be retrieved later on (try running
    strings on a swap partition sometime.) By locking this page in memory
    before reading in this data the problem is alleviated.

    Obviously the use of an encrypted swap eliminates this problem, however it
    has processing overhead associated with it. IIRC most modern OSs allow for
    locking of a specific page rather than the entire executable. Also, it is
    usually strictly controlled (eg. only allowable by root) otherwise a user
    application could allocate and lock all available memory space.

    Cheers,

    Joel

    -------------------------------------------------------------------------
               => Joel Sing | jsingorigin.net.au | 0419 577 603 <=
    -------------------------------------------------------------------------

         A polar bear is a rectangular bear after a coordinate transform.
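
The approach described in the message above (lock the page first, then read the secret into it), as an added example that is not part of the original post. It assumes a POSIX system with mmap/mlock; the struct and function names are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

/* Hypothetical helper type: whole pages reserved for one secret. */
struct secret_buf { unsigned char *p; size_t len; int locked; };

/* Map whole pages and lock them BEFORE any secret is written into them. */
static int secret_alloc(struct secret_buf *s, size_t want) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    s->len = (want + page - 1) / page * page;
    s->locked = 0;
    s->p = mmap(NULL, s->len, PROT_READ | PROT_WRITE,
                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (s->p == MAP_FAILED) { s->p = NULL; return -1; }
    /* mlock fails when the request exceeds RLIMIT_MEMLOCK or is not permitted. */
    s->locked = (mlock(s->p, s->len) == 0);
    return 0;
}

/* Overwrite through a volatile pointer so the compiler cannot drop the wipe. */
static void secret_wipe(struct secret_buf *s) {
    volatile unsigned char *v = s->p;
    for (size_t i = 0; i < s->len; i++) v[i] = 0;
}

/* Wipe first, then unlock and unmap, so no plaintext outlives the lock. */
static int secret_free(struct secret_buf *s) {
    secret_wipe(s);
    if (s->locked) munlock(s->p, s->len);
    int rc = munmap(s->p, s->len);
    s->p = NULL;
    return rc;
}

int main(void) {
    static const char demo[] = "constructed-passphrase"; /* constructed sample */
    struct rlimit rl;
    struct secret_buf s;
    if (getrlimit(RLIMIT_MEMLOCK, &rl) == 0) /* the "memlock" limit */
        printf("memlock soft limit: %llu bytes\n", (unsigned long long)rl.rlim_cur);
    if (secret_alloc(&s, sizeof demo) != 0) return 1;
    if (!s.locked) fprintf(stderr, "warning: page not locked, may reach swap\n");
    memcpy(s.p, demo, sizeof demo); /* stand-in for reading a passphrase */
    return secret_free(&s) == 0 ? 0 : 1;
}
```

Locking covers only this buffer; copies made by stdio buffering or the terminal layer while the passphrase is read are outside it.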