|
From: | Peter Lieven |
Subject: | Re: [Qemu-devel] [RFC] sanitize memory on system reset |
Date: | Thu, 13 Jun 2013 10:51:46 +0200 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130510 Thunderbird/17.0.6 |
On 13.06.2013 10:40, Stefan Hajnoczi wrote:
On Thu, Jun 13, 2013 at 08:09:09AM +0200, Peter Lieven wrote:I was thinking if it would be a good idea to zeroize all memory resources on system reset and madvise dontneed them afterwards. This would avoid system reset attacks in case the attacker has only access to the console of a vServer but not on the physical host and it would shrink RSS size of the vServer siginificantly.I wonder if you'll hit weird OS installers or PXE clients that rely on stashing stuff in memory across reset.
One point: Wouldn't a memory test which some systems do at startup break these as well? Peter
[Prev in Thread] | Current Thread | [Next in Thread] |