|
From: | Peter Lieven |
Subject: | Re: [Qemu-devel] [RFC] sanitize memory on system reset |
Date: | Thu, 13 Jun 2013 10:46:39 +0200 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130510 Thunderbird/17.0.6 |
On 13.06.2013 10:40, Stefan Hajnoczi wrote:
On Thu, Jun 13, 2013 at 08:09:09AM +0200, Peter Lieven wrote:I was thinking if it would be a good idea to zeroize all memory resources on system reset and madvise dontneed them afterwards. This would avoid system reset attacks in case the attacker has only access to the console of a vServer but not on the physical host and it would shrink RSS size of the vServer siginificantly.I wonder if you'll hit weird OS installers or PXE clients that rely on stashing stuff in memory across reset.
Mhh, that indeed would be weird. What do you think of the idea in general? You concerns could be addresses by adding a switch for this which defaults to off. Peter
[Prev in Thread] | Current Thread | [Next in Thread] |