Re: CVS commit: src

To: David Holland <dholland-tech%netbsd.org@localhost>
Subject: Re: CVS commit: src
From: Elad Efrat <elad%NetBSD.org@localhost>
Date: Wed, 26 Aug 2009 17:20:51 -0400

On Wed, Aug 26, 2009 at 5:05 PM, David 
Holland<dholland-tech%netbsd.org@localhost> wrote:

> Entities that share the same memory space inherently have the same
> trust level. At that point it becomes a nonissue, except for e.g.
> cryptographic keys that should already be getting handled properly.
>
> I'm not clear what you have in mind.

First I disagree with your assertion that "all" kernel memory is
considered security-sensitive. Second, the placement of the note in
the kmem(9) man-page seems odd, especially given the practice of
handling security-sensitive information in freed memory is relevant to
all memory allocators regardless of where the security-sensitive
information is used (in the kernel or a userland application). Third,
I've heard interesting things about something called KERNSEAL from the
PaX project that's supposed to provide kernel self-protection.

I'm not suggesting something should be changed, I'm just thinking out loud.

-e.

References:
- Re: CVS commit: src
  - From: YAMAMOTO Takashi
- Re: CVS commit: src
  - From: YAMAMOTO Takashi
- Re: CVS commit: src
  - From: Elad Efrat
- Re: CVS commit: src
  - From: David Holland
- Re: CVS commit: src
  - From: Elad Efrat

Prev by Date: Re: CVS commit: src
Next by Date: Re: CVS commit: src
Previous by Thread: Re: CVS commit: src
Next by Thread: Re: CVS commit: src
Indexes:

Home | Main Index | Thread Index | Old Index