[$] Keeping secrets in memfd areas

Back in November 2019, Mike Rapoport made the case that there is too much address-space sharing in Linux systems. This sharing can be convenient and good for performance, but in an era of advanced attacks and hardware vulnerabilities it also facilitates security problems. At that time, he proposed a number of possible changes in general terms; he has now come back with a patch implementing a couple of address-space isolation options for the memfd mechanism. This work demonstrates the sort of features we may be seeing, but some of the hard work has been left for the future.