[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: When scrubbing secrets in memory doesn't work



Nicholas Weaver wrote:
On Thu, Nov 14, 2002 at 02:44:58AM -0800, Michael Wojcik composed:
The bigger concern is when the memory is paged to disk, and that
record may have a much MUCH longer time window.  But scrubbing has no
real effect on this, this is an effect of VM memory management and
memory-only pinning.


It's worth noting that on systems such as linux and solaris, it is easy to avoid the paging problem by locking the process into memory. This is accomplished using the system calls mlock(2) and mlockall(2). The former is probably more suitable as the latter locks all of pages for the process. This is of course outside the scope of the C (or other language) definition.

Cheers

Rich.