|
From: | Peter Lieven |
Subject: | Re: [Qemu-devel] [RFC] sanitize memory on system reset |
Date: | Thu, 13 Jun 2013 16:23:55 +0200 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130510 Thunderbird/17.0.6 |
On 13.06.2013 12:55, Markus Armbruster wrote:
Peter Lieven <address@hidden> writes:On 13.06.2013 10:40, Stefan Hajnoczi wrote:On Thu, Jun 13, 2013 at 08:09:09AM +0200, Peter Lieven wrote:I was thinking if it would be a good idea to zeroize all memory resources on system reset and madvise dontneed them afterwards. This would avoid system reset attacks in case the attacker has only access to the console of a vServer but not on the physical host and it would shrink RSS size of the vServer siginificantly.I wonder if you'll hit weird OS installers or PXE clients that rely on stashing stuff in memory across reset.One point: Wouldn't a memory test which some systems do at startup break these as well?Systems that distinguish between warm and cold boot (such as PCs) generally run POST only on cold boot. I'm not saying triggering warm reboot and expecting memory contents to survive is a good idea, but it has been done.
so you would vote for not touching it or at least enable it only through a cmdline paramter? Peter
[Prev in Thread] | Current Thread | [Next in Thread] |