[PATCH] make nginx not swappable

Maxim Dounin mdounin at mdounin.ru
Wed May 21 16:48:47 UTC 2014


Hello!

On Wed, May 21, 2014 at 04:21:17PM +0200, Marcin Strągowski wrote:

> 
> Hello, I'm new here but I work with nginx on a daily basis at my
> company Adpilot.pl and I would like to suggest a patch to nginx.
>
> Recently we had a need to provide full security to our servers
> by securing our encryption keys and preventing them from being
> written to the hard disk.
> 
> But there was still an issue with swapping out nginx - there
> was still a (small) possibility that in extreme situations some
> portion of nginx memory where keys are stored (or information
> which could be used to recreate keys) will be swapped out and
> will be written to the hard drive.
>
> Also, keeping nginx out of swap has a few performance benefits on
> heavily loaded systems ;)
>
> In earlier Linux systems a process could be kept out of swap by
> setting a sticky bit (chmod +S) but on all modern Linux
> distributions this flag doesn't work anymore.
>
> Now it must be done manually in code, so I'm sending a patch
> which adds a configuration parameter that can enable
> marking all nginx memory (also workers) as nonswappable.

I like neither the functionality nor the patch.

A trivial solution to the original problem would be to just disable
swap on the system (and you'll have to disable dumps and
hibernation as well).

A better approach would be to store keys in a special secure
allocation, locked and with guard pages.  Akamai recently tried to
provide a patch for OpenSSL for this, see the thread here:

http://thread.gmane.org/gmane.comp.encryption.openssl.user/51243

-- 
Maxim Dounin
http://nginx.org/
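
The "secure allocation, locked and with guard pages" suggested in the reply above, as an added example; it is not part of the original message, nginx, or the Akamai OpenSSL patch. The names secure_alloc, secure_free and round_up_pages are hypothetical, and the code assumes Linux and an RLIMIT_MEMLOCK large enough for the request.

```c
#define _GNU_SOURCE           /* MAP_ANONYMOUS, MADV_DONTDUMP */
#include <stddef.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helpers. Region layout: [guard page][data pages][guard page] */
static size_t round_up_pages(size_t len, size_t page)
{
    return (len + page - 1) / page * page;
}

/* Returns len usable bytes that are locked in RAM, or NULL on failure. */
void *secure_alloc(size_t len)
{
    size_t page = (size_t) sysconf(_SC_PAGESIZE);
    size_t data = round_up_pages(len ? len : 1, page);
    /* Reserve everything inaccessible first, so both guards exist from the start. */
    unsigned char *base = mmap(NULL, data + 2 * page, PROT_NONE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return NULL;

    unsigned char *p = base + page;
    /* Open only the middle; an overrun in either direction hits PROT_NONE. */
    if (mprotect(p, data, PROT_READ | PROT_WRITE) != 0
        || mlock(p, data) != 0) {      /* fails if RLIMIT_MEMLOCK is too low */
        munmap(base, data + 2 * page);
        return NULL;                   /* refuse to hand out swappable memory */
    }
#ifdef MADV_DONTDUMP
    (void) madvise(p, data, MADV_DONTDUMP);   /* exclude from core dumps */
#endif
    return p;
}

/* Wipes the data pages, then unlocks and unmaps guards and data together. */
int secure_free(void *ptr, size_t len)
{
    size_t page = (size_t) sysconf(_SC_PAGESIZE);
    size_t data = round_up_pages(len ? len : 1, page);
    volatile unsigned char *v = ptr;

    for (size_t i = 0; i < data; i++)
        v[i] = 0;                      /* volatile stores are not elided */
    munlock(ptr, data);
    return munmap((unsigned char *) ptr - page, data + 2 * page);
}
```

mlock keeps these pages out of swap but not out of a suspend-to-disk image, which is why hibernation still has to be handled separately.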