Markus Armbruster <arm...@redhat.com> writes: > Peter Lieven <p...@kamp.de> writes: > >> On 13.06.2013 10:40, Stefan Hajnoczi wrote: >>> On Thu, Jun 13, 2013 at 08:09:09AM +0200, Peter Lieven wrote: >>>> I was thinking if it would be a good idea to zeroize all memory >>>> resources on system reset and >>>> madvise dontneed them afterwards. This would avoid system reset >>>> attacks in case the attacker >>>> has only access to the console of a vServer but not on the physical >>>> host and it would shrink >>>> RSS size of the vServer siginificantly. >>> I wonder if you'll hit weird OS installers or PXE clients that rely on >>> stashing stuff in memory across reset. >> One point: >> Wouldn't a memory test which some systems do at startup break these as well? > > Systems that distinguish between warm and cold boot (such as PCs) > generally run POST only on cold boot. > > I'm not saying triggering warm reboot and expecting memory contents to > survive is a good idea, but it has been done.
Doesn't kexec do a warm reboot stashing the new kernel somewhere in memory? Regards, Anthony Liguori
