by the8472 2559 days ago
Per-process keys aren't really possible because memory can change process ownership (vmsplice) or be shared across processes (fork, page cache, memfd). It might be possible for pages marked MADV_DONTFORK.

Additionally, a per-process key does not help against Spectre-style attacks where you would trick the process into speculating on protected memory.
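
The sharing behaviour the comment refers to, as an added example that is not part of the original comment: after fork a MAP_SHARED page is the same physical page in parent and child, so no single process owns it, while a page marked MADV_DONTFORK is not mapped in the child at all. Linux is assumed and the function names are hypothetical.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork a child that writes one byte to `page`; return the child's wait status. */
static int child_writes(volatile char *page, char value) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        page[0] = value;   /* SIGSEGV here if the mapping was not inherited */
        _exit(0);
    }
    int status = -1;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return status;
}

/* 1 if the child's write shows up in the parent: one page, two processes. */
int shared_page_visible_in_parent(void) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    char *page = mmap(NULL, len, PROT_READ | PROT_WRITE,
                      MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    page[0] = 'P';
    int status = child_writes(page, 'C');
    int seen = WIFEXITED(status) && WEXITSTATUS(status) == 0 && page[0] == 'C';
    munmap(page, len);
    return seen;
}

/* 1 if the child faults on the page and the parent's copy is untouched. */
int dontfork_page_absent_in_child(void) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    char *page = mmap(NULL, len, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    page[0] = 'P';
    if (madvise(page, len, MADV_DONTFORK) != 0) { munmap(page, len); return -1; }
    int status = child_writes(page, 'C');
    int absent = WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV && page[0] == 'P';
    munmap(page, len);
    return absent;
}

int main(void) {
    printf("shared page visible in parent: %d\n", shared_page_visible_in_parent());
    printf("DONTFORK page absent in child: %d\n", dontfork_page_absent_in_child());
    return 0;
}
```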