[MLton] Writing memory to disk ...
Wesley W. Terpstra
terpstra@gkec.informatik.tu-darmstadt.de
Wed, 24 May 2006 17:40:46 +0200
On May 24, 2006, at 5:15 PM, Henry Cejtin wrote:
> Note, MLton can't really get more than about 2 gig in the nmap
> address space.
So, then why the workaround? Or do you really mean total, and not
contiguous?
> Re passwords on the disk, the right way to go to eliminate most of
> the danger is that you create the file, then unlink, then write.
I'm sorry, but this is definitely *not* ok. Sensitive information is
never supposed to touch disk. It's not about defending against root,
it's about defending against theft, seizure, etc. You can tell the
kernel some areas may not be swapped out, but you can't tell this to
MLton. Crypto libraries like openssl make sure private keys don't get
paged out. Yet if linked into a MLton executable, that becomes
irrelevant.
Then too, there's my concern that if you fill up /tmp, software can
start to break. At least on Mac OS, I've lost my desktop settings
whenever the disk was filled. No fun, I assure you. Yes, it's an osx
bug, but it's one I have to live with.
And again, it's not something a person would reasonably expect a
program to do! Any MLton compiled program might do this...
> Anyway, I definitely need it, but an option might be ok.
What do you use it for?
I don't object to it as long as it's off by default and the path
isn't hard-coded. One could actually kill two birds with one stone by
having the option also specify the path. e.g.:
./myprogram @MLton swap-file /tmp/xxxx -- ...
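
The kernel-level pinning mentioned in the message above ("tell the kernel some areas may not be swapped out"), as an added example that is not part of the original post or of MLton. It assumes a POSIX system with mlock(); the names secret_buf, secret_alloc, secret_wipe and secret_free are hypothetical.

```c
#define _DEFAULT_SOURCE            /* for MAP_ANONYMOUS and madvise() on glibc */
#include <stddef.h>
#include <sys/mman.h>
#include <unistd.h>

enum { SECRET_OK = 0, SECRET_EINVAL = -1, SECRET_EMAP = -2, SECRET_ELOCK = -3 };

typedef struct {
    unsigned char *ptr;  /* page-aligned anonymous mapping */
    size_t len;          /* length rounded up to whole pages */
} secret_buf;            /* hypothetical helper type for this example */

/* Map private anonymous pages and pin them in RAM. If the kernel refuses
   the lock (RLIMIT_MEMLOCK, missing privilege) fail closed: the caller gets
   no buffer rather than one that may be paged out. */
int secret_alloc(secret_buf *b, size_t want)
{
    long page = sysconf(_SC_PAGESIZE);
    if (b == NULL || want == 0 || page <= 0) return SECRET_EINVAL;
    size_t len = (want + (size_t)page - 1) / (size_t)page * (size_t)page;
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return SECRET_EMAP;
    if (mlock(p, len) != 0) { munmap(p, len); return SECRET_ELOCK; }
#ifdef MADV_DONTDUMP
    (void)madvise(p, len, MADV_DONTDUMP);  /* Linux: keep pages out of core dumps */
#endif
    b->ptr = p; b->len = len;
    return SECRET_OK;
}

/* Overwrite through a volatile pointer so the stores are not optimized away. */
void secret_wipe(secret_buf *b)
{
    volatile unsigned char *v = b->ptr;
    for (size_t i = 0; i < b->len; i++) v[i] = 0;
}

/* Wipe first, then unlock and unmap. Pinning covers only these pages: any
   copy another component makes (for example a heap image written to a file)
   is outside its protection. */
void secret_free(secret_buf *b)
{
    if (b == NULL || b->ptr == NULL) return;
    secret_wipe(b);
    munlock(b->ptr, b->len);
    munmap(b->ptr, b->len);
    b->ptr = NULL; b->len = 0;
}
```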