RFC: malloc and secure memory.
Stefan O'Rear
sorear@fastmail.com
Fri Sep 25 23:39:41 GMT 2020
On Thu, Sep 24, 2020, at 4:56 PM, Carlos O'Donell via Libc-alpha wrote:
> In reviewing this discussion:
> https://github.com/systemd/systemd/pull/14213
>
> The request is for a way to mark some allocations as "secure"
> and to give them special properties.
>
> I wonder if we can't do this in some generic way:
>
> - Make arenas a first class construct.
>
> /* Get arena with special properties. */
> malloc_arena *secure_arena = NULL;
> /* Get a handle to an arena that has secure heaps. If glibc can make this
> kind of arena and heap then it does, otherwise it returns NULL. */
> secure_arena = malloc_arena_get (HEAP_SECURE);
> /* Does this glibc support this kind of arena? */
> if (secure_arena == NULL)
>   abort();
This is a bit late and I apologize, but is there any possibility of choosing
a more descriptive name than SECURE for this? It's extremely vague, will mean
something different for everybody, and because security is a situational and
global property of systems, I would generally consider it incorrect to use
"secure" to describe local and binary properties of subsystems.
-s
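As an added illustration of the naming point raised above (this is example code written for this page, not code from the thread, from glibc or from the systemd pull request), the properties that usually hide behind a request for "secure" allocations can each be named on their own: pages pinned so they are never written to swap, and contents wiped before the memory is released. The identifiers SECMEM_LOCKED, SECMEM_WIPE_ON_FREE, secmem_alloc, secmem_free, secmem_flags and secmem_size are assumptions of this example. Mirroring the proposal's "otherwise it returns NULL", an allocation that cannot be given every requested property fails rather than silently degrading to a weaker one.

```c
/* Example allocator with individually named properties (added example, not
 * from the thread). All identifiers below are assumed names for illustration. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

enum {
    SECMEM_LOCKED       = 1u << 0,  /* pages pinned with mlock(): never swapped to disk */
    SECMEM_WIPE_ON_FREE = 1u << 1,  /* contents overwritten before the mapping is released */
    SECMEM_ALL          = SECMEM_LOCKED | SECMEM_WIPE_ON_FREE
};

struct secmem_hdr {
    size_t   map_len;   /* total bytes mapped, including this header */
    size_t   user_len;  /* bytes handed to the caller */
    unsigned flags;     /* properties that were actually granted */
};

/* Zeroing loop through a volatile pointer so the compiler cannot drop it as a dead store. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *vp = p;
    while (n--) *vp++ = 0;
}

static size_t round_up_page(size_t n)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    return (n + page - 1) / page * page;
}

/* Returns NULL (errno set) when any requested property cannot be granted,
 * so the caller never silently receives a weaker allocation than it asked for. */
void *secmem_alloc(size_t n, unsigned flags)
{
    if (flags & ~SECMEM_ALL) { errno = EINVAL; return NULL; }  /* unknown property */
    if (n == 0 || n > SIZE_MAX - sizeof(struct secmem_hdr)) { errno = EINVAL; return NULL; }

    size_t map_len = round_up_page(sizeof(struct secmem_hdr) + n);
    void *base = mmap(NULL, map_len, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) return NULL;

    if ((flags & SECMEM_LOCKED) && mlock(base, map_len) != 0) {
        int saved = errno;           /* typically ENOMEM or EPERM: RLIMIT_MEMLOCK exhausted */
        munmap(base, map_len);
        errno = saved;
        return NULL;
    }

    struct secmem_hdr *h = base;
    h->map_len = map_len;
    h->user_len = n;
    h->flags = flags;
    return (unsigned char *)base + sizeof *h;
}

static struct secmem_hdr *hdr_of(void *p)
{
    return (struct secmem_hdr *)((unsigned char *)p - sizeof(struct secmem_hdr));
}

/* Query which properties an allocation really carries. */
unsigned secmem_flags(void *p) { return hdr_of(p)->flags; }
size_t   secmem_size(void *p)  { return hdr_of(p)->user_len; }

void secmem_free(void *p)
{
    if (p == NULL) return;
    struct secmem_hdr *h = hdr_of(p);
    size_t map_len = h->map_len;     /* read the header before wiping it */
    unsigned flags = h->flags;
    if (flags & SECMEM_WIPE_ON_FREE) secure_wipe(h, map_len);
    if (flags & SECMEM_LOCKED) munlock(h, map_len);
    munmap(h, map_len);
}

int main(void)
{
    void *key = secmem_alloc(32, SECMEM_ALL);
    if (key == NULL) { perror("secmem_alloc"); return 1; }
    memset(key, 0x41, 32);           /* stand-in for key material */
    printf("granted properties: %#x\n", secmem_flags(key));
    secmem_free(key);
    return 0;
}
```

With the properties spelled out, a caller asking for SECMEM_LOCKED learns from the NULL return (errno ENOMEM or EPERM) that the process's lock limit is exhausted, instead of continuing with memory it believes is "secure"; a single umbrella flag could not report which guarantee was the one that failed.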