SecMalloc: c-lib to prevent malloc'ed memory from swapping.

by jesse in ,


An acquaintance of mine has released a new C library called secmalloc to quote:

Most modern systems have some notion of swap, where the contents of memory can be written to disk, freeing up the memory for other purposes. This allows the system a lot of flexibility in managing its memory. Infrequently used data is a prime candidate for swapping to disk, thus freeing up the real memory for more useful purposes. This can be a problem when using cryptography as there is a danger of keys or other sensitive data ending up in swap where (eventually) it may fall into the wrong hands. Secmalloc provides a secure version of the common 'malloc' interface for managing memory. All memory allocated by secmalloc is locked, so that it cannot be swapped out.

Him and I have been conspiring about a way of being able to leverage this in cPython, there's been talk of swig and other things - I pinged Brett last night to get his thoughts (based on his other security work). Take a look at it - it's fairly specialized, but if you've been looking for something more surgical than calling: [root@lolz~]# /sbin/swapoff For preventing protected things from swapping off, then this is for you.