aboutsummaryrefslogtreecommitdiff
path: root/src/support
diff options
context:
space:
mode:
authorWladimir J. van der Laan <laanwj@protonmail.com>2020-03-26 16:55:49 +0100
committerWladimir J. van der Laan <laanwj@protonmail.com>2020-03-26 16:56:03 +0100
commit23991ee53af21c2fdc28f6e8e002dc1455c71098 (patch)
tree30dab64887f1f24ec369af4321af43967649a5bb /src/support
parentf3a91ab0edc70e1bcb7e770f0878f03459c399e1 (diff)
parentd831831822885717e9841f1ff67c19add566fa45 (diff)
Merge #15600: lockedpool: When possible, use madvise to avoid including sensitive information in core dumps
d831831822885717e9841f1ff67c19add566fa45 lockedpool: When possible, use madvise to avoid including sensitive information in core dumps (Luke Dashjr) Pull request description: If we're mlocking something, it's because it's sensitive information. Therefore, don't include it in core dump files, ~~and unmap it from forked processes~~. The return value is not checked because the madvise calls might fail on older kernels as a rule (unsure). ACKs for top commit: practicalswift: Code review ACK d831831822885717e9841f1ff67c19add566fa45 -- patch looks correct laanwj: ACK d831831822885717e9841f1ff67c19add566fa45 jonatack: ACK d831831822885717e9841f1ff67c19add566fa45 vasild: ACK d831831822885717e9841f1ff67c19add566fa45 Tree-SHA512: 9a6c1fef126a4bbee0698bfed5a01233460fbcc86380d984e80dfbdfbed3744fef74527a8e3439ea226167992cff9d3ffa8f2d4dbd5ae96ebe0c12f3eee0eb9e
Diffstat (limited to 'src/support')
-rw-r--r--src/support/lockedpool.cpp3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/support/lockedpool.cpp b/src/support/lockedpool.cpp
index 6980b6c0da..f3cc12201c 100644
--- a/src/support/lockedpool.cpp
+++ b/src/support/lockedpool.cpp
@@ -253,6 +253,9 @@ void *PosixLockedPageAllocator::AllocateLocked(size_t len, bool *lockingSuccess)
}
if (addr) {
*lockingSuccess = mlock(addr, len) == 0;
+#ifdef MADV_DONTDUMP
+ madvise(addr, len, MADV_DONTDUMP);
+#endif
}
return addr;
}