[illumos-Developer] Proposal: Add memory clearing allocator to libnvpair
Jason King
jason.brian.king at gmail.com
Wed Jan 26 18:28:39 PST 2011
On Wed, Jan 26, 2011 at 8:11 PM, Samuel Younge
<Samuel.Younge at holyroyal.com> wrote:
> Is there an easy way to keep referenced memory that affects the internals of IKE in a more protected space?
>
I'm not really aware of any such thing in Illumos. The IKEv2 daemon
is a userland daemon, with it's own address space, running with
reduced privileges after it acquires the necessary resources (udp
socket bound to port 500, fd for door, fd for PF_KEY socket, and forks
off into the background). Of course in it's current state it's not
doing anything particularly interesting yet.
In addition, it has the notions of privilege levels (like the current
closed source in.iked) that restricts what information can be queried
via the cmdline (and once lowered cannot be raised again without
stopping & restarting the daemon).
Anyone with root can read (or write) any bit of physical memory on the
system, so I'm not sure what more can be done. If there is something
specific you were thinking of, please let me know more. If you'd
like to help out any with coding, I'd welcome any assistance (I'm
doing this in my spare time, so it's somewhat slow going).
More information about the Developer
mailing list