Keeping secrets in memfd areas

Back in November 2019, Mike Rapoport made the case that there is too much
address-space sharing in Linux systems. This sharing can be convenient and
good for performance, but in an era of advanced attacks and hardware
vulnerabilities it also facilitates security problems. At that time, he
proposed a number of possible changes in general terms; he has now come
back with a patch implementing a couple of address-space isolation options
for the memfd mechanism. This work demonstrates the sort of features we may
be seeing, but some of the hard work has been left for the future.

