[SERVER-21503] Update SecureAllocator to use MADV_DONTDUMP Created: 17/Nov/15 Updated: 13/Aug/16 Resolved: 10/Aug/16 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Internal Code, Security |
| Affects Version/s: | 3.2.0-rc2 |
| Fix Version/s: | 3.3.11 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Mira Carey | Assignee: | Waley Chen |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Backwards Compatibility: | Fully Compatible |
| Sprint: | Platforms 2016-08-26 |
| Participants: |
| Description |
|
MADV_DONTDUMP is an option to madvise that prevents regions of memory from showing up in core dumps. We should change SecureAllocator to set this option for the pages it maps on linux, because otherwise users have to disable core dumps, otherwise they risk dumping their "secure data" to disk during a crash. |
| Comments |
| Comment by Githook User [ 10/Aug/16 ] |
|
Author: {u'username': u'WaleyChen', u'name': u'Waley Chen', u'email': u'waleycz@gmail.com'}Message: |