Announcement

Collapse
No announcement yet.

Secret Memory Areas For Linux Might Finally Be Ready With memfd_secret

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Secret Memory Areas For Linux Might Finally Be Ready With memfd_secret

    Phoronix: Secret Memory Areas For Linux Might Finally Be Ready With memfd_secret

    In development for more than one year has been the ability to create secret memory areas on Linux that would be visible only to the owning process and is not mapped for other processes or the kernel page tables. That "memfd_secret" system call has finally materialized in Linux-Next and looking like it could be ready for mainline...

    https://www.phoronix.com/scan.php?pa...cret-Linux-RAM

  • #2
    Oh this is great for spyware, trojan, viruses, and malware. It can hide well in secret memory. Also good for DRM.

    Comment


    • #3
      Originally posted by uid313 View Post
      Oh this is great for spyware, trojan, viruses, and malware. It can hide well in secret memory. Also good for DRM.
      Possibly, Though the patch notes says it's turned on/off at boot by user.

      Comment


      • #4
        But root will be able to read those memory areas, right?

        Comment


        • #5
          Originally posted by SilverFox View Post

          Possibly, Though the patch notes says it's turned on/off at boot by user.
          Yeah, until software start requiring that this be turned on. Like to be able to play video on some service you need to turn that option off, else you cannot. Maybe it gets integrated into the web browser too, so then when you visit a website that website can declare that you need to enable that thing else you cannot play video.

          Originally posted by oleid View Post
          But root will be able to read those memory areas, right?
          Nope. I don't think so. Only the process which owns the memory.

          Comment


          • #6
            Originally posted by oleid View Post
            But root will be able to read those memory areas, right?
            if that's the case, then theres no much use, you can already use anonymous mappings and opt out from features like paging and ptrace. It seems more like this new areas will be invisible, as not hooked into any common global list but only available through some process context (well, kernel has to access those, but the entries will be missing in memory managment lists).
            Kinda weird though, that this new systemcall will use filedescriptors, which adds some transparency again.

            Comment


            • #7
              Disgusting!

              Comment


              • #8
                Originally posted by uid313 View Post

                Yeah, until software start requiring that this be turned on. Like to be able to play video on some service you need to turn that option off, else you cannot. Maybe it gets integrated into the web browser too, so then when you visit a website that website can declare that you need to enable that thing else you cannot play video.
                Then don't use the service/site that requires that?

                Comment


                • #9
                  Originally posted by Bigon View Post

                  Then don't use the service/site that requires that?
                  Then slowly it creeps to more and more, until all the sites use it. Imagine first maybe it starts with Netflix and some other services, then YouTube.

                  Comment


                  • #10
                    Sooo... I guess this could also be used for finally enabling support for anti-cheat systems in Wine/Proton games? Because AFAIK that's the #1 problem currently (besides directly using system calls): their lack of trust that a Linux system will not silently modify their protected process's data (aka apply a cheat/hack) outside of the Wine environment and thus outside of their ability to detect and prevent that modification.

                    P.S. for the naysayers: like it or not, DRM and anti-cheat systems are here to stay for the foreseeable future. Media streaming and cloud gaming and online competitive games are a thing. And I'd rather have a truly free platform that gives me the option of enabling support for them, rather than a semi-useless platform that thinks it knows better than me, the actual user, and refuses to even give me the option to use something I need. The only result that can arise from this kind of mentality is that the average Joe will simply migrate to a better, more useful platform.

                    Comment

                    Working...
                    X