jessenoller.com

An acquain­tance of mine has released a new C library called sec­mal­loc to quote:

Most mod­ern sys­tems have some notion of swap, where the con­tents of mem­ory can be writ­ten to disk, free­ing up the mem­ory for other pur­poses. This allows the sys­tem a lot of flex­i­bil­ity in man­ag­ing its mem­ory. Infre­quently used data is a prime can­di­date for swap­ping to disk, thus free­ing up the real mem­ory for more use­ful pur­poses. This can be a prob­lem when using cryp­tog­ra­phy as there is a dan­ger of keys or other sen­si­tive data end­ing up in swap where (even­tu­ally) it may fall into the wrong hands. Sec­mal­loc pro­vides a secure ver­sion of the com­mon ‘mal­loc’ inter­face for man­ag­ing mem­ory. All mem­ory allo­cated by sec­mal­loc is locked, so that it can­not be swapped out.

Him and I have been con­spir­ing about a way of being able to lever­age this in cPython, there’s been talk of swig and other things — I pinged Brett last night to get his thoughts (based on his other secu­rity work). Take a look at it — it’s fairly spe­cial­ized, but if you’ve been look­ing for some­thing more sur­gi­cal than call­ing:

[root@lolz~]# /sbin/swapoff

For pre­vent­ing pro­tected things from swap­ping off, then this is for you.

An acquain­tance of mine has released a new C library called sec­mal­loc to quote: Most mod­ern sys­tems have some notion of swap, where the con­tents of mem­ory can be writ­ten to...