PGP uses, or did use, a (sloppy?) memory driver which prevented process
address space active in RAM from being swapped out to disk.
I have written Linus Torvalds talking about a range of PIDs, or a new field in the task_struct, which would indicate to the mm in the kernel that swapping this process' address space out to disk was forbidden.
A program can be launched from a shell that acts as a "sandbox" to run programs that shouldn't be swapped to disk. All tasks forked from this should be regarded as unswappable. This would be useful for encryption programs, since PGP on WinNT at least was already doing it. I'm not sure how GnuPG handles this at the moment.
Any thoughts anyone?
Also, I am wondering where I can get software that will allow me to look at arbitrary memory ranges, the purpose being to look at "deleted" files on Windows and Linux. Anybody know of any such software? Is there a kernel module that allows this?
James Buchanan
-- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.
From: Tom <tom_at_lemuria.org>
On Tue, Aug 28, 2001 at 09:34:10AM +1000, james@spunkysoftware.com wrote:
> I have written Linus Torvalds talking about a range of PIDs, or a new field
> in the task_struct, which would indicate to the mm in the kernel that
> swapping this process' address space out to disk was forbidden.
This strikes me as redundant because such a mechanism already exists.
> programs, since PGP on WinNT at least was already doing it. I'm not sure how
> GnuPG handles this at the moment.
GPG will use existing system calls to achieve exactly this effect. I don't know the details by heart, but I did once. Grab the gpg source and take a look around.
> Also, I am wondering where I can get software that will allow me to look at
> arbitrary memory ranges, the purpose being to look at "deleted" files on
> Windows and Linux. Anybody know of any such software? Is there a kernel
> module that allows this?
/proc/mem is your friend. :)
From: Stephen Smalley <sds_at_tislabs.com>
On Tue, 28 Aug 2001 james@spunkysoftware.com wrote:
> PGP uses, or did use, a (sloppy?) memory driver which prevented process
> address space active in RAM from being swapped out to disk.
>
> I have written Linus Torvalds talking about a range of PIDs, or a new field
> in the task_struct, which would indicate to the mm in the kernel that
> swapping this process' address space out to disk was forbidden.
This seems a bit off-topic for this mailing list. Anyway, why can't you use the mlock system call?
-- Stephen D. Smalley, NAI Labs ssmalley@nai.com
This archive was generated by hypermail 2.2.0 on Wed 11 Jun 2008 - 08:10:54 EDT