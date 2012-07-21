from the good-or-not? dept.
Linux 5.14 Can Create Secret Memory Areas With memfd_secret:
The "memfd_secret" system call is being added to the Linux 5.14 kernel to provide the ability to create memory areas that are visible only in the context of the owning process: these "secret" regions are mapped neither by other processes nor in the kernel's page tables (the direct map).
This work originated with the proposed secretmemfd patches for secret memory on Linux and, renamed memfd_secret, has gone through many rounds of review over the past year. The intended use-case for these secret memory areas is data such as OpenSSL private keys, which could be stored there to reduce the chance of their being exposed in system memory, a case that hardware memory encryption on current hardware does not otherwise cover. Using memfd_secret means the memory areas are only mapped in the page tables of the processes that have access to the owning file descriptor and are unmapped from the kernel direct map.
From https://lwn.net/Articles/836724/ we get the following explanation:
For demonstration of secret memory usage we've created a userspace library: https://git.kernel.org/pub/scm/linux/kernel/git/jejb/secr... that does two things: the first is to act as a preloader for openssl to redirect all the OPENSSL_malloc calls to secret memory, meaning any secret keys get automatically protected this way, and the other thing it does is expose the API to the user who needs it. We anticipate that a lot of the use cases would be like the openssl one: many toolkits that deal with secret keys already have special handling for the memory to try to give them greater protection, so this would simply be pluggable into the toolkits without any need for user application modification.
Hiding secret memory mappings behind an anonymous file allows (ab)use of the page cache for tracking pages allocated for the "secret" mappings as well as using address_space_operations for e.g. page migration callbacks.
The anonymous file may be also used implicitly, like hugetlb files, to implement mmap(MAP_SECRET) and use the secret memory areas with "native" mm ABIs in the future.
See also: https://meterpreter.org/linux-5-13-may-support-the-creation-of-secret-memory-areas/
(Score: 0) by Anonymous Coward on Monday July 12, @10:38AM
So, if this is good for cryptographic keys (and other sensitive data) in memory... why not use it for all/most data in memory by default?
(Score: 0) by Anonymous Coward on Monday July 12, @10:49AM
Is it the file descriptor or the file description? Those are two different things and despite press articles saying it is the former, some of the kernel chatter and patches appear as though it is actually the latter but some also suggest the former as well. Is it maybe both?
(Score: 0) by Anonymous Coward on Monday July 12, @10:59AM
So does this mean that Linux can finally have proper hidden viruses and trojans just like Windows?