Hi,
On 03/01/2023 at 21:44, Jason A. Donenfeld wrote:
> On Tue, Jan 03, 2023 at 12:15:57PM -0800, Linus Torvalds wrote:
>> On Tue, Jan 3, 2023 at 12:03 PM Jason A. Donenfeld <Jason@xxxxxxxxx> wrote:
>>> That buffering cannot be done safely currently
>> .. again, this is "your semantics" (the (b) in my humbug list), not
>> necessarily reality for anybody else.
> Yea that's fair. Except, of course, I maintain that my semantics are
> important ones. :)
I concur.
To hold secret material, we need MADV_WIPEONFORK | MADV_DONTDUMP and the side effect of mlock() (pages' content never written to swap), inherited across fork().
And I want mlock() without paying the price.
Jason's proposed semantics, which I call MADV_WIPEONSWAP, provide a means to hold an /unlimited/ amount of secrets in userspace memory (not limited by RLIMIT_MEMLOCK).
The only constraint for userspace is to handle the case where pages are wiped, which is already the case for the userspace arc4random() implementation.
Regards.
--
Yann Droneaud
OPTEYA