Announcement

**ddriver** · 20 July 2020, 08:51 AM

Umm, isn't process mapped memory only visible to that process the default, and if not, why isn't it?

It would seem that process memory should be exclusive to that process, unless some explicit and authorized mechanism for inter process communication is involved, and even then it should be carefully scoped and interfaced.

**bridgman** · 20 July 2020, 09:38 AM

Originally posted by ddriver View Post

Umm, isn't process mapped memory only visible to that process the default, and if not, why isn't it?

I think this is more about hiding from things like /dev/mem, and from the hypervisor when running in a VM.

**Jakobson** · 20 July 2020, 09:54 AM

Originally posted by bridgman View Post

I think this is more about hiding from things like /dev/mem, and from the hypervisor when running in a VM.

Neither kernel or root user can see the content of that memory area.

**cjcox** · 20 July 2020, 10:58 AM

You had the opportunity to call it seatecastronomyd and you didn't?

**Lycanthropist** · 20 July 2020, 11:37 AM

A debugger is also able to read the memory contents of another process. I assume this won't be possible with those secret memory pages.

**Etherman** · 20 July 2020, 12:04 PM

Originally posted by ddriver View Post

Umm, isn't process mapped memory only visible to that process the default, and if not, why isn't it?

It would seem that process memory should be exclusive to that process, unless some explicit and authorized mechanism for inter process communication is involved, and even then it should be carefully scoped and interfaced.

The kernel needs access to the memory for swapping to disk.

**ix900** · 20 July 2020, 12:17 PM

I don't know, would think if it can be hidden then it can be found and that someone will eventually find a way to get at it in a non-legit way. Maybe it will be better to have it than to not but also maybe the added complexity will cause added security holes.

This is one that should probably be heavily scrutinized.

**waxhead** · 20 July 2020, 01:17 PM

I don't know anything about the to secretmemfd stuff but I would assume it is intended to prevent memory pages from being swaoped to disk and prevent the memory pages from being reused by another process without zeroing it out first. E.g turning a malloc() to a calloc() or putting used pages in a blacklist which can be zeroed at some point.

**ddriver** · 20 July 2020, 01:17 PM

Originally posted by Lycanthropist View Post

A debugger is also able to read the memory contents of another process. I assume this won't be possible with those secret memory pages.

Debugging requires a debug build, which has a tremendous amount of additional hooks and whatnot, which is why it is also so important to be careful not to ship debug builds by mistake.

Announcement

Linux Secret Memory "secretmemfd" System Call Remains Under Review

Linux Secret Memory "secretmemfd" System Call Remains Under Review

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment