On Wed, Aug 26, 2009 at 5:05 PM, David Holland<dholland-t...@netbsd.org> wrote:
> Entities that share the same memory space inherently have the same > trust level. At that point it becomes a nonissue, except for e.g. > cryptographic keys that should already be getting handled properly. > > I'm not clear what you have in mind. First I disagree with your assertion that "all" kernel memory is considered security-sensitive. Second, the placement of the note in the kmem(9) man-page seems odd, especially given the practice of handling security-sensitive information in freed memory is relevant to all memory allocators regardless of where the security-sensitive information is used (in the kernel or a userland application). Third, I've heard interesting things about something called KERNSEAL from the PaX project that's supposed to provide kernel self-protection. I'm not suggesting something should be changed, I'm just thinking out loud. -e.
