From b4b98d7ad089f574bdb2f3421d982ebc9f0b9f20 Mon Sep 17 00:00:00 2001
From: Luke Dashjr
Date: Thu, 14 Mar 2019 13:36:24 +0000
Subject: [PATCH 1/2] lockedpool: When possible, use madvise to avoid including sensitive information in core dumps
---
 src/support/lockedpool.cpp | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/support/lockedpool.cpp b/src/support/lockedpool.cpp
index 01273c979..7fb05156e 100644
--- a/src/support/lockedpool.cpp
+++ b/src/support/lockedpool.cpp
@@ -230,6 +230,9 @@ void *PosixLockedPageAllocator::AllocateLocked(size_t len, bool *lockingSuccess)
 addr = mmap(nullptr, len, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
 if (addr) {
 *lockingSuccess = mlock(addr, len) == 0;
+#ifdef MADV_DONTDUMP
+ madvise(addr, len, MADV_DONTDUMP);
+#endif
 }
 return addr;
 }
From 09f86e7494690c4b4018ddbb2b4d48dc9b8a57c2 Mon Sep 17 00:00:00 2001
From: Vasil Dimov
Date: Thu, 26 Mar 2020 20:43:17 +0100
Subject: [PATCH 2/2] lockedpool: avoid sensitive data in core files (FreeBSD)

This is a followup to 23991ee53 / https://github.com/bitcoin/bitcoin/pull/15600 to also use madvise(2) on FreeBSD to avoid sensitive data allocated with secure_allocator ending up in core files in addition to preventing it from going to the swap.
---
 src/support/lockedpool.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/support/lockedpool.cpp b/src/support/lockedpool.cpp
index 7fb05156e..b7b2380ca 100644
--- a/src/support/lockedpool.cpp
+++ b/src/support/lockedpool.cpp
@@ -230,8 +230,10 @@ void *PosixLockedPageAllocator::AllocateLocked(size_t len, bool *lockingSuccess)
 addr = mmap(nullptr, len, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
 if (addr) {
 *lockingSuccess = mlock(addr, len) == 0;
-#ifdef MADV_DONTDUMP
+#if defined(MADV_DONTDUMP) // Linux
 madvise(addr, len, MADV_DONTDUMP);
+#elif defined(MADV_NOCORE) // FreeBSD
+ madvise(addr, len, MADV_NOCORE);
 #endif
 }
 return addr;
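Review bot: The result of `madvise(addr, len, MADV_DONTDUMP)` is discarded, so if the call fails at run time (the macro only shows that the build headers know the flag, not that the running kernel accepts it) the pool stays dumpable and nothing records it, whereas the `mlock` result one line above is reported through `*lockingSuccess`. Since the signature has no slot for a second status, I would at least state the best-effort contract above the call: `// Best-effort: keep the locked pool out of core dumps; a failure is ignored and the pages remain dumpable.` The `MADV_NOCORE` call added in patch 2/2 has the same gap. Separately, the context shows `if (addr)` directly after `mmap`, which reports failure as `MAP_FAILED` rather than a null pointer, so the new call is not guarded against a failed mapping. AllocateLocked begins outside the hunk.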
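Review bot: The `#if defined(MADV_DONTDUMP)` / `#elif defined(MADV_NOCORE)` chain has no `#else`, so a platform that defines neither macro builds a pool with no core-dump exclusion and nothing in the source says so. A short comment at the top of the chain would make that explicit, for example `// Exclude the pool from core dumps where supported; elsewhere secrets can still reach a core file unless core dumps are disabled for the process.` The `// Linux` and `// FreeBSD` labels name where each macro is expected to come from, but the test is on the macro itself, so a system that defines both takes only the first branch. AllocateLocked starts before and ends after this hunk.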