Re: When scrubbing secrets in memory doesn't work

Richard Moore <rich@westpoint.ltd.uk> writes:

> It's worth noting that on systems such as Linux and Solaris, it is
> easy to avoid the paging problem by locking the process into
> memory.

"Locking into memory" does NOT mean "avoid paging".  AFAIK, there are
operating systems in which memory which has been locked is still paged
to disk.

> This is accomplished using the system calls mlock(2) and
> mlockall(2). The former is probably more suitable as the latter
> locks all of the pages for the process.

It is very hard to use mlock(2) correctly, and using mlockall(2)
creates a potential for local DoS attacks.

Better disable swap or use encrypted swap on critical systems.

-- 
Florian Weimer 	                  Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898
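
Added example, not part of the original message and not code from either poster: a minimal Linux sketch of holding one secret in locked memory, showing some of the details that make mlock(2) easy to get wrong (page granularity, non-nesting locks, RLIMIT_MEMLOCK failures, scrubbing before unlock). The names page_round, scrub, secret_alloc and secret_free are made up for this example, and the secret value is a constructed sample.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* mlock(2) works on whole pages, so round the request up. */
static size_t page_round(size_t len, size_t page) {
    return (len + page - 1) / page * page;
}

/* Zero through a volatile pointer so the compiler cannot drop the stores. */
static void scrub(void *p, size_t len) {
    for (volatile unsigned char *v = p; len--; ) *v++ = 0;
}

/* Locked, zero-filled region of >= len bytes, or NULL with errno set.
   mmap gives the secret pages of its own: locks do not nest, so a munlock
   on a page shared with another allocation would unlock that one too. */
static void *secret_alloc(size_t len, size_t *mapped) {
    size_t n = page_round(len, (size_t)sysconf(_SC_PAGESIZE));
    void *p = mmap(NULL, n, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    if (mlock(p, n) != 0) {      /* typically over RLIMIT_MEMLOCK */
        int saved = errno;
        munmap(p, n);
        errno = saved;
        return NULL;             /* fail closed, no unlocked fallback */
    }
    *mapped = n;
    return p;
}

static void secret_free(void *p, size_t mapped) {
    scrub(p, mapped);            /* scrub while the pages are still locked */
    munlock(p, mapped);
    munmap(p, mapped);
}

int main(void) {
    size_t n = 0;
    char *key = secret_alloc(32, &n);
    if (!key) { perror("secret_alloc"); return 1; }
    strcpy(key, "constructed-sample-secret");      /* constructed value */
    printf("locked %zu bytes for a 32-byte secret\n", n);
    secret_free(key, n);
    return 0;
}
```

This protects only the one buffer: copies of the secret in stdio buffers, on the stack or in other allocations are not locked, and suspend-to-disk saves RAM regardless of memory locks, so disabling or encrypting swap still applies.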
