On 2010-Jun-13 10:07:15 +0200, Dag-Erling Smørgrav <des_at_des.no> wrote: >You always overwrite passphrases, keys etc. as soon as you're done with >them so they don't end up in a crash dump or on a swap disk or >something. Which brings up an associated issue: By default, mlock(2) can only be used by root processes. It would be really handy if non-privileged processes could lock small amounts of VM so they can securely handle passwords, passphrases, keys, etc. MAC offers the option of allowing non-root processes access to mlock() but doesn't provide any restrictions on the amount of memory they can lock. -- Peter Jeremy
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:04 UTC