In our haste to help, the secure memory allocation patch we posted last week
had two issues. First, it wasn’t easy to use. We knew that, and tried to set
expectations accordingly. Second, it wasn’t really secure enough. We didn’t
know that, and we thank everyone who brought it to our attention.
> Have you thought about mprotecting the guard pages with
> mprotect(PROT_NONE) so the application crashes in case of a stray memory
> access?
Yes, rats. My message implied that we do that. And I then posted the wrong
version of the code. :(
Here's the right version of cmm_init.
/r$
Hello!
On Fri, Apr 11, 2014 at 01:22:21PM -0400, Salz, Rich wrote:
> Akamai Technologies is pleased to offer the following patch to OpenSSL. It
> adds a "secure arena" that is used to store RSA private keys. This arena is
> mmap'd, with guard pages before and after so pointer over- and under-ru
Akamai Technologies is pleased to offer the following patch to OpenSSL. It adds
a "secure arena" that is used to store RSA private keys. This arena is mmap'd,
with guard pages before and after so pointer over- and under-runs won't wander
into it. It's also locked into memory so it doesn't appea