From: Peter Lieven
Date: Thu, 13 Jun 2013 10:46:39 +0200
Subject: Re: [Qemu-devel] [RFC] sanitize memory on system reset
To: Stefan Hajnoczi
Cc: "qemu-devel@nongnu.org", "H. Peter Anvin"

On 13.06.2013 10:40, Stefan Hajnoczi wrote:
> On Thu, Jun 13, 2013 at 08:09:09AM +0200, Peter Lieven wrote:
>> I was thinking if it would be a good idea to zeroize all memory resources on system reset and
>> madvise dontneed them afterwards. This would avoid system reset attacks in case the attacker
>> has only access to the console of a vServer but not on the physical host and it would shrink
>> RSS size of the vServer significantly.
> I wonder if you'll hit weird OS installers or PXE clients that rely on
> stashing stuff in memory across reset.

Mhh, that indeed would be weird. What do you think of the idea in general?
Your concerns could be addressed by adding a switch for this which defaults to off.

Peter
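
The zero-then-`madvise` sequence proposed in this thread, as an added example that is not part of the original message and not QEMU code: it wipes a block of memory, releases it with `MADV_DONTNEED`, and checks both that no data survives and how many pages stay resident. Assumptions: Linux, a private anonymous mapping standing in for guest RAM, and the hypothetical names `scrub_and_release`, `resident_pages` and `reset_leaves_no_data`.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* for mincore(), madvise(), MAP_ANONYMOUS */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
#define RAM_SIZE (64 * 4096UL) /* constructed stand-in for one guest RAM block */

/* Pages of [p, p+len) that mincore() reports resident in host RAM; -1 on error. */
static long resident_pages(void *p, size_t len)
{
    size_t n = len / (size_t)sysconf(_SC_PAGESIZE);
    unsigned char vec[RAM_SIZE / 4096];
    long count = 0;
    if (n > sizeof vec || mincore(p, len, vec) != 0)
        return -1;
    for (size_t i = 0; i < n; i++)
        count += vec[i] & 1;
    return count;
}
/* Hypothetical reset hook: wipe the block, then return its pages to the host. */
static int scrub_and_release(void *p, size_t len)
{
    memset(p, 0, len); /* not elided: p escapes to madvise() below */
    return madvise(p, len, MADV_DONTNEED);
}
/* Fill the block with constructed guest data, "reset", return 1 if all bytes read 0. */
static int reset_leaves_no_data(long *before, long *after)
{
    unsigned char *ram = mmap(NULL, RAM_SIZE, PROT_READ | PROT_WRITE,
                              MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (ram == MAP_FAILED)
        return -1;
    memset(ram, 0xAA, RAM_SIZE); /* every page dirtied, as after a guest has run */
    *before = resident_pages(ram, RAM_SIZE);
    int clean = scrub_and_release(ram, RAM_SIZE) == 0 ? 1 : -1;
    *after = resident_pages(ram, RAM_SIZE); /* measured before re-reading the block */
    for (size_t i = 0; clean == 1 && i < RAM_SIZE; i++)
        clean = (ram[i] == 0);
    munmap(ram, RAM_SIZE);
    return clean;
}
int main(void)
{
    long before = 0, after = 0;
    int clean = reset_leaves_no_data(&before, &after);
    printf("clean=%d, resident pages %ld -> %ld\n", clean, before, after);
    return clean != 1;
}
```

On Linux, `MADV_DONTNEED` alone already makes private anonymous pages read back as zero; the explicit wipe matters for shared or file-backed RAM, where dropped pages are repopulated from the backing object.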