Re: FWD: Re: Linux pipe question

From: Chris Wedgwood (cw@f00f.org)
Date: Wed Sep 20 2000 - 14:26:57 EST


Pipe buffers are not pageable at present (and probably never will be);
obviously for the below to be 'reasonably' immune from paging
sensitive data out then the _application_ buffers in question should
be mlocked. GPG already does this (if suid or run as root) so the
other application would need to do the same.

  --cw

On Wed, Sep 20, 2000 at 12:31:25PM -0400, Mike Panetta wrote:
    Can anyone answer this?
    I am not sure if unnamed pipes in linux
    are pageable or not. If an unnamed pipe
    could be paged out what could be done
    to prevent that from happening?
    
    TIA,
    Mike
    
    
    ----- Forwarded message from AW <aw@cavu.com> -----
    
    Date: Wed, 20 Sep 2000 12:27:05 -0400
    From: AW <aw@cavu.com>
    To: mpanetta@applianceware.com
    Subject: Re: Linux pipe question
    
> I am not sure... But would this be a named pipe or
> not?
    
    This would be a UNnamed pipe, i.e.,
    
            gen_confidential_data | gpg -e -r backup@pentacorp.com ...
    
    The question is: is any of the clear text confidential data handled by the
    unnamed pipe at risk for being written to disk? Comments in the kernel
    code suggest that it's buffered in a single physical page but I suspect
    that it's actually a virtual page that could be paged out.
    
    Does the answer depend on if gen_confidential_data limits its write to
    not exceed PIPE_BUF (4096)?
    
    Clearly, gen_confidential_data is subject to being paged out unless it
    locks itself into memory.
    
    THANKS!
    
    Bob
    
    ----- End forwarded message -----
    
    --
    --
    -
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Sat Sep 23 2000 - 21:00:23 EST
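
Added example (not part of the original thread or of GPG's code): a minimal sketch of the producer side of the pipeline discussed above, staging cleartext in an mlock()ed page before writing it to the pipe. The names send_secret_locked, secure_wipe and LOCK_FAILED are hypothetical, and the caller's own copy of the secret is assumed to be locked as well.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE          /* for posix_memalign under strict -std modes */
#endif
#include <errno.h>
#include <limits.h>          /* PIPE_BUF */
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>        /* mlock, munlock */
#include <unistd.h>

#define LOCK_FAILED (-2)     /* constructed return code for this example */

/* Zero memory through a volatile pointer so the stores are not optimized away. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Copy `len` bytes of secret through one locked page into `fd`, in chunks of
 * at most PIPE_BUF (the size asked about in the thread; POSIX makes pipe
 * writes of that size atomic). Returns bytes written, -1 on error, or
 * LOCK_FAILED if the page cannot be locked, so nothing is sent unlocked. */
long send_secret_locked(int fd, const void *secret, size_t len) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t chunk = (size_t)PIPE_BUF < page ? (size_t)PIPE_BUF : page;
    void *buf = NULL;
    long total = 0;

    if (posix_memalign(&buf, page, page) != 0) return -1;
    if (mlock(buf, page) != 0) { free(buf); return LOCK_FAILED; }

    while ((size_t)total < len) {
        size_t left = len - (size_t)total;
        size_t n = left < chunk ? left : chunk;
        memcpy(buf, (const char *)secret + total, n);
        ssize_t w = write(fd, buf, n);
        if (w < 0) {
            if (errno == EINTR) continue;   /* retry interrupted write */
            total = -1;
            break;
        }
        total += w;                         /* handles short writes */
    }
    secure_wipe(buf, page);                 /* clear before unlocking */
    munlock(buf, page);
    free(buf);
    return total;
}
```

An unprivileged process can lock only up to RLIMIT_MEMLOCK, which is why the function reports LOCK_FAILED instead of falling back to an unlocked buffer.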