-rw-r--r--configure.ac8
-rw-r--r--egg/egg-secure-memory.c13
2 files changed, 21 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac
index 4b836641..de0c759b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -184,6 +184,14 @@ AC_CHECK_FUNCS(gettimeofday fsync)
AC_CHECK_FUNCS(mlock)
# --------------------------------------------------------------------
+# Prevent memory from being included in core dumps
+#
+
+AC_CHECK_DEFINE([sys/mman.h],[MADV_DONTDUMP],
+ AC_DEFINE([HAVE_MADV_DONTDUMP], [1],
+ [Define if madvise knows about MADV_DONTDUMP]))
+
+# --------------------------------------------------------------------
# socket()
#
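Review bot: `AC_CHECK_DEFINE` is not one of the macros core Autoconf provides, and its definition is not part of this diff, so the argument order used here (header first, symbol second) cannot be checked from the hunk. If the macro does not behave as assumed, `HAVE_MADV_DONTDUMP` is never defined and the `#if defined(HAVE_MADV_DONTDUMP)` block in egg/egg-secure-memory.c compiles out with no diagnostic, leaving the secure pool eligible for core dumps. Core Autoconf can express the same test as `AC_CHECK_DECL([MADV_DONTDUMP], [AC_DEFINE([HAVE_MADV_DONTDUMP], [1], [Define if madvise knows about MADV_DONTDUMP])], [], [[#include <sys/mman.h>]])`. Whichever form is kept, confirm that the generated config.h on a Linux build actually contains the define.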
diff --git a/egg/egg-secure-memory.c b/egg/egg-secure-memory.c
index bc82184a..3dca8fb5 100644
--- a/egg/egg-secure-memory.c
+++ b/egg/egg-secure-memory.c
@@ -885,6 +885,19 @@ sec_acquire_pages (size_t *sz,
DEBUG_ALLOC ("gkr-secure-memory: new block ", *sz);
+#if defined(HAVE_MADV_DONTDUMP)
+ if (madvise (pages, *sz, MADV_DONTDUMP) < 0) {
+ if (show_warning && egg_secure_warnings) {
+ /*
+ * Not fatal - this was added in Linux 3.4 and older
+ * kernels will legitimately fail this at runtime
+ */
+ fprintf (stderr, "couldn't MADV_DONTDUMP %lu bytes of memory (%s): %s\n",
+ (unsigned long)*sz, during_tag, strerror (errno));
+ }
+ }
+#endif
+
show_warning = 1;
return pages;
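Review bot: The `show_warning` gate on the new `madvise` branch does not rate-limit anything, because the branch never clears the flag and `show_warning = 1;` runs unconditionally just below it. On the pre-3.4 kernels the comment mentions, every newly acquired block would therefore print the message again when `egg_secure_warnings` is on. A flag local to this check would fix that, for example `static int warned_dontdump = 0;` tested in the condition and set to 1 after the `fprintf`. The comment should also state the consequence of the tolerated failure, e.g. `/* Not fatal, but the block is still returned and can appear in a core dump */`, so a reader does not assume the pool is always excluded. sec_acquire_pages starts and ends outside this hunk, so how `show_warning` is used elsewhere in the function is not visible here.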