[illumos-Developer] Proposal: Add memory clearing allocator to libnvpair

Samuel Younge Samuel.Younge at HolyRoyal.com
Wed Jan 26 18:55:45 PST 2011


Yes, I understand there are lots of issues with memory access in general within illumos; what I am saying is it would be good to restrict access to the internals of key security processes when possible. Although any memory can be accessed (which is a much bigger issue in general), in order to access it you have to know the address, and it is a good idea to not have these addresses lying around.


On Jan 26, 2011, at 16:28, Jason King <jason.brian.king at gmail.com> wrote:

> On Wed, Jan 26, 2011 at 8:11 PM, Samuel Younge
> <Samuel.Younge at holyroyal.com> wrote:
>> Is there an easy way to keep referenced memory that affects the internals of IKE in a more protected space?
>> 
> 
> I'm not really aware of any such thing in Illumos.  The IKEv2 daemon
> is a userland daemon, with its own address space, running with
> reduced privileges after it acquires the necessary resources (udp
> socket bound to port 500, fd for door, fd for PF_KEY socket, and forks
> off into the background).  Of course in its current state it's not
> doing anything particularly interesting yet.
> 
> In addition, it has the notion of privilege levels (like the current
> closed source in.iked) that restricts what information can be queried
> via the cmdline (and once lowered cannot be raised again without
> stopping & restarting the daemon).
> 
> Anyone with root can read (or write) any bit of physical memory on the
> system, so I'm not sure what more can be done.  If there is something
> specific you were thinking of, please let me know more.   If you'd
> like to help out any with coding, I'd welcome any assistance (I'm
> doing this in my spare time, so it's somewhat slow going).




