If you have data you don't want written to a core dump, then MAP_CONCEAL will li... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		Lt_Riza_Hawkeye on June 6, 2019 \| parent \| context \| favorite \| on: OpenBSD Recent Security Innovations If you have data you don't want written to a core dump, then MAP_CONCEAL will literally only help you if that memory is in an mmap'd region. If it's in regular old virtual memory, you're fucked. So if you're going to add a flag to something to let users conceal a region of memory from a core dump, add it to madvise, adding it to mmap is just adding arbitrary restrictions on the programmer. Linux got it right with MADV_DONTDUMP

quotemstr on June 6, 2019 | [–]

All memory is mmaped, especially on OpenBSD, which deprecated basically-mmap-with-a-mustache brk. There's no such thing as "regular old virtual memory".

davidcuddeback on June 6, 2019 | [–]

There’s also malloc_conceal() and calloc_conceal(), as discussed in the article.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact