Re: [patch v2] madvise.2: Add MADV_WIPEONFORK documentation

From: Rik van Riel
Date: Tue Sep 19 2017 - 15:21:54 EST


On Tue, 2017-09-19 at 21:07 +0200, Michael Kerrisk (man-pages) wrote:

> Thanks. I applied this, and tweaked the madvise.2 text a little, to
> read as follows (please let me know if I messed anything up):
>
>        MADV_WIPEONFORK (since Linux 4.14)
>               Present the child process with zero-filled memory in this
>               range after a fork(2).  This is useful in forking servers
>               in order to ensure that sensitive per-process data (for
>               example, PRNG seeds, cryptographic secrets, and so on) is
>               not handed to child processes.
>
>               The MADV_WIPEONFORK operation can be applied only to
>               private anonymous pages (see mmap(2)).

That looks great. Thank you, Michael!

--
All rights reversed

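
The behaviour described in the quoted madvise.2 text, as an added example that is not part of this thread or of the man page: a C program that forks with a secret-filled page and reports what the child can read, with and without the advice, and on a shared mapping. It assumes Linux 4.14 or later; the function name child_sees_secret, the 0xA5 fill pattern and the fallback definition of MADV_WIPEONFORK (18, the asm-generic value) are assumptions of the example.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/wait.h>

#ifndef MADV_WIPEONFORK
#define MADV_WIPEONFORK 18 /* asm-generic value, for libc headers that predate it */
#endif
#define LEN 4096

/* Fork with a "secret" page mapped using map_flags. Returns 1 if the child
 * can still read the secret, 0 if it sees only zeros, and -1 on error or
 * when madvise() rejects the advice (no fork happens in that case). */
int child_sees_secret(int map_flags, int wipe)
{
    int status, rc = -1;
    pid_t pid;
    unsigned char *p = mmap(NULL, LEN, PROT_READ | PROT_WRITE,
                            map_flags | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    memset(p, 0xA5, LEN); /* constructed stand-in for key material */
    if (wipe && madvise(p, LEN, MADV_WIPEONFORK) != 0)
        goto out;
    pid = fork();
    if (pid == 0) { /* child: OR every byte together, nonzero means leak */
        unsigned char seen = 0;
        for (size_t i = 0; i < LEN; i++)
            seen |= p[i];
        _exit(seen ? 1 : 0);
    }
    if (pid > 0 && waitpid(pid, &status, 0) == pid && WIFEXITED(status))
        rc = WEXITSTATUS(status);
out:
    munmap(p, LEN);
    return rc;
}

int main(void)
{
    printf("private, no advice:  %d\n", child_sees_secret(MAP_PRIVATE, 0));
    printf("private, WIPEONFORK: %d\n", child_sees_secret(MAP_PRIVATE, 1));
    /* Shared mappings are refused, so this reports -1 without forking. */
    printf("shared, WIPEONFORK:  %d\n", child_sees_secret(MAP_SHARED, 1));
    return 0;
}
```

A result of -1 for the private mapping with the advice set means the running kernel does not support MADV_WIPEONFORK, so callers that depend on the wipe should check the madvise() return value rather than assume it took effect.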