In article <[email protected]> you write: >Nemo <[email protected]> writes: > >>Well, Windows does not use fork()+exec(); it uses spawn() and its variants. >>Hence it avoids the whole vfork() / "memory overcommit" mess. > >Aren't many fork()s now pretty close to vfork(), via COW?
Yes. Every modern Unix-ish system I know of does COW both for forks and for writable data segments. Also keep in mind that even if you have no swap space for writable memory, any read-only code can be discarded and then reloaded from the file it was originally loaded from, which permits RAM to be significantly overcommited and still not run out of space. For crypto, I think this means that whatever model you have for where your data are is likely wrong, so I wouldn't spend a lot of time obsessing about it. I sort of see the point of encrypted swap, although I don't really understand the threat model where the attacker can defeat file protections and look at the /dev/swap but not at /dev/mem. R's, John _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
