|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2020-02-14 15:03:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
[$] Keeping secrets in memfd areas
Back in November 2019, Mike Rapoport made
the case that there is too much address-space sharing in Linux
systems. This sharing can be convenient and good for performance, but in
an era of advanced attacks and hardware vulnerabilities it also facilitates
security problems. At that time, he proposed a number of possible changes
in general terms; he has now come back with a patch
implementing a couple of address-space isolation options for the memfd mechanism. This work demonstrates the
sort of features we may be seeing, but some of the hard work has been left
for the future.
Back in November 2019, Mike Rapoport made
the case that there is too much address-space sharing in Linux
systems. This sharing can be convenient and good for performance, but in
an era of advanced attacks and hardware vulnerabilities it also facilitates
security problems. At that time, he proposed a number of possible changes
in general terms; he has now come back with a patch
implementing a couple of address-space isolation options for the memfd mechanism. This work demonstrates the
sort of features we may be seeing, but some of the hard work has been left
for the future.
