The memfd_secret system call removes sensitive data from the kernel page tables, but that doesn’t make it untouchable. This article presents a userspace approach to secret memory exfiltration, along with the kernel internals underpinning it.
The memfd_secret system call removes sensitive data from the kernel page tables, but that doesn’t make it untouchable. This article presents a userspace approach to secret memory exfiltration, along with the kernel internals underpinning it.