From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:40953) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Un0ig-0006MC-DH for qemu-devel@nongnu.org; Thu, 13 Jun 2013 02:09:17 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Un0id-0002tV-Ke for qemu-devel@nongnu.org; Thu, 13 Jun 2013 02:09:14 -0400 Received: from mx.ipv6.kamp.de ([2a02:248:0:51::16]:34073 helo=mx01.kamp.de) by eggs.gnu.org with smtp (Exim 4.71) (envelope-from ) id 1Un0id-0002t8-Am for qemu-devel@nongnu.org; Thu, 13 Jun 2013 02:09:11 -0400 Message-ID: <51B96205.4010601@kamp.de> Date: Thu, 13 Jun 2013 08:09:09 +0200 From: Peter Lieven MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit Subject: [Qemu-devel] [RFC] sanitize memory on system reset List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "qemu-devel@nongnu.org" Hi, I was thinking if it would be a good idea to zeroize all memory resources on system reset and madvise dontneed them afterwards. This would avoid system reset attacks in case the attacker has only access to the console of a vServer but not on the physical host and it would shrink RSS size of the vServer siginificantly. BR, Peter -- Mit freundlichen Grüßen Peter Lieven ........................................................... KAMP Netzwerkdienste GmbH Vestische Str. 89-91 | 46117 Oberhausen Tel: +49 (0) 208.89 402-50 | Fax: +49 (0) 208.89 402-40 pl@kamp.de | http://www.kamp.de Geschäftsführer: Heiner Lante | Michael Lante Amtsgericht Duisburg | HRB Nr. 12154 USt-Id-Nr.: DE 120607556 ...........................................................