"Brandon S. Allbery KF8NH" <[EMAIL PROTECTED]> writes: >>> You could just mlock() everything allocated by the RTS... >> >> Brute force. :-) Certainly the most simple way to do it. But is that >> option already here (say in ghc), or would one have to patch the >> runtime for that? > > Note also that this requires setuid root (yes, in gpg as well) --- so > you are trading one known security issue for an unknown number of > others.
I rather think, that this is indeed a failing in current day operating systems. What I think they should support is, that data (streams and memory) can be flagged a belonging to different trust / exposure classes and the same should be done for storage devices and swap. The OS should just prevent a process whose input is flagged a dont-expose from swapping to exposable storage since dont-expose input would automatically entail dont-expose process memory except in the cases where the process provides appropriate guarantees that allow it to handle exposable and non-exposable storage at the same time. (Should I write disclosure anstead of exposure?) Whatever -- I think the implementing crypto in Haskell would be a good thing, but the issue of how to prevent swapping to disk would have to be solved in a convincing way (can a C-Wrapper process help there?) before a GPG reimplementation is a convincing high profile show case project for Haskell. Regards -- Markus _______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
