The madvise() syscall has the ability to exclude regions of memories from core dumps. This is achieved by setting the MADV_DONTDUMP flag on those regions. One of its uses is keeping sensitive data out of core dumps (such as encryption keys). This would require some changes as the flag set by MADV_DONTDUMP is not surfaced in /proc/<pid>/maps, but it does appear in /proc/<pid>/smaps, here's an example:
7ffe540ad000-7ffe540b1000 r--p 00000000 00:00 0 [vvar]
Size: 16 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Rss: 0 kB
Pss: 0 kB
Pss_Dirty: 0 kB
Shared_Clean: 0 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 0 kB
Referenced: 0 kB
Anonymous: 0 kB
KSM: 0 kB
LazyFree: 0 kB
AnonHugePages: 0 kB
ShmemPmdMapped: 0 kB
FilePmdMapped: 0 kB
Shared_Hugetlb: 0 kB
Private_Hugetlb: 0 kB
Swap: 0 kB
SwapPss: 0 kB
Locked: 0 kB
THPeligible: 0
VmFlags: rd mr pf io de dd sd
Notice the dd entry in the VmFlags? That means the memory area shouldn't be dumped. We'd have to switch the way we parse memory mappings from /proc/<pid>/maps to /proc/<pid>/smaps. This isn't urgent BTW, but I wanted to write it down so I don't forget.
The
madvise()syscall has the ability to exclude regions of memories from core dumps. This is achieved by setting theMADV_DONTDUMPflag on those regions. One of its uses is keeping sensitive data out of core dumps (such as encryption keys). This would require some changes as the flag set byMADV_DONTDUMPis not surfaced in/proc/<pid>/maps, but it does appear in/proc/<pid>/smaps, here's an example:Notice the
ddentry in theVmFlags? That means the memory area shouldn't be dumped. We'd have to switch the way we parse memory mappings from/proc/<pid>/mapsto/proc/<pid>/smaps. This isn't urgent BTW, but I wanted to write it down so I don't forget.