tr1pd

Introduce mlock for ephemeral secret keys

Open kpcyrd opened this issue 6 years ago • 0 comments

This prevents a situation where the ephemeral private keys are written to the swapfile.

This requires an additional syscall in the existing seccomp filter and also needs --cap-add=IPC_LOCK for docker. In the latter case it might make sense to make this feature opt-out-able.

kpcyrd, Jan 15 '18 19:01
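The approach the issue proposes, sketched as an added example that is not tr1pd's own code: the key buffer is locked with `mlock` before any key material is written, and a policy flag decides whether a failed lock is fatal, which is one way to model the opt-out. The names `eph_key`, `lock_policy`, `eph_key_init`, `eph_key_destroy` and the 32-byte key length are assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

#define KEY_LEN 32  /* assumed key size for this example */

/* Hypothetical policy switch modelling the opt-out raised in the issue. */
enum lock_policy { LOCK_REQUIRE, LOCK_BEST_EFFORT };

struct eph_key {                   /* hypothetical holder for one ephemeral key */
    unsigned char bytes[KEY_LEN];
    int locked;                    /* 1 if mlock() succeeded for this buffer */
    int lock_errno;                /* errno from mlock() when it failed, else 0 */
};

/* Lock first, then copy the key in. Returns -1 only if locking failed under LOCK_REQUIRE. */
int eph_key_init(struct eph_key *k, enum lock_policy policy, const unsigned char *material)
{
    memset(k, 0, sizeof *k);
    if (mlock(k->bytes, KEY_LEN) == 0) {
        k->locked = 1;
    } else {
        k->lock_errno = errno;     /* e.g. EPERM or ENOMEM */
        if (policy == LOCK_REQUIRE)
            return -1;             /* refuse to hold a swappable key */
    }
    memcpy(k->bytes, material, KEY_LEN);
    return 0;
}

/* Wipe through a volatile pointer so the stores are not optimised away, then unlock. */
void eph_key_destroy(struct eph_key *k)
{
    volatile unsigned char *p = k->bytes;
    for (size_t i = 0; i < KEY_LEN; i++)
        p[i] = 0;
    if (k->locked)
        munlock(k->bytes, KEY_LEN);
    k->locked = 0;
}

int main(void)
{
    unsigned char material[KEY_LEN] = {0x42};  /* constructed sample, not a real key */
    struct eph_key k;
    if (eph_key_init(&k, LOCK_BEST_EFFORT, material) == 0)
        printf("locked=%d errno=%d\n", k.locked, k.lock_errno);
    eph_key_destroy(&k);
    return 0;
}
```

`mlock` and `munlock` act on whole pages and locks do not stack, so two keys that share a page are both unlocked by the first `munlock`; a page-aligned allocation per key avoids that.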