Announcement

**ddriver** · 11 July 2021, 06:16 AM

Wouldn't that make it easier to get sensitive data on compromised systems?

**hoohoo** · 11 July 2021, 06:59 AM

Would the kernel know that a process has such a memory segment, even though the segments pages are not visible to the kernel?

For the sake of security auditing it seems like I might want to know which processes make use of this feature.

**paupav** · 11 July 2021, 07:34 AM

I guess it could be usefull to zero out that part of the memory when process closes before another process reserves that space even on SIGKILL.
But as people have previously mentioned, that area then becomes target of hackers.

**avem** · 11 July 2021, 08:43 AM

A very nice feature to hide malware. Root access is not even required.

**skeevy420** · 11 July 2021, 08:46 AM

gping through many rounds of review

tildearrow, you're up

**tildearrow** · 11 July 2021, 02:27 PM

Originally posted by skeevy420 View Post

tildearrow, you're up

In fact I already fell asleep by 7am

**Vorpal** · 11 July 2021, 02:43 PM

Originally posted by hoohoo View Post

Would the kernel know that a process has such a memory segment, even though the segments pages are not visible to the kernel?

For the sake of security auditing it seems like I might want to know which processes make use of this feature.

The kernel would have to know for two reasons even more important than just auditing:

Limting how much such memory each user/process can allocate (as this memory will be unswappable)
Most important: Not allocating that memory for something else.

There are probably many other things that would break if the kernel didn't keep track of the memory.

On a related note, I don't really see this protection as very useful, as nothing stops the kernel remapping the memory again. Though this can protect against certain classes of information leak attacks and speculative execution bugs.

**Developer12** · 11 July 2021, 02:58 PM

Originally posted by Vorpal View Post

On a related note, I don't really see this protection as very useful, as nothing stops the kernel remapping the memory again. Though this can protect against certain classes of information leak attacks and speculative execution bugs.

The whole point is to guard against memory-readout kernel bugs. Bugs happen, and some can be used to read another processes' memory without gaining total control.

No, this doesn't make it so that the kernel can't read the memory at all [1]. It makes it so the kernel can't read the memory by accident.

[1] like SGX, although that has also turned out to be a great vector for malware, and basically totally broken by spectre. Hopefully unmapping the pages makes this a tiny more more spectre resistant. (doesn't help against flaws like MDS)

**uid313** · 11 July 2021, 03:27 PM

But there is already Trusted Computing Module (TPM). Or is this for systems without that?
Maybe TPM is better.
Or is this just a way to sneak in DRM?

Announcement

Linux 5.14 Can Create Secret Memory Areas With memfd_secret

Linux 5.14 Can Create Secret Memory Areas With memfd_secret

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment