GitBross Home Explore Help
Register Sign In
sol_BMCMMXZh
/
wormhole-foundation_wormhole
mirror of https://github.com/wormhole-foundation/wormhole
1
0
Fork 0
Files Issues 1 Wiki
Branch: svm/anchor-v0.29.0-shim-interface
Branches Tags
wormhole-founda...
/
node
/
pkg
/
common
/
sysutils.go

sysutils.go 801 B
Permalink History Raw

1234567891011121314151617181920212223242526 
  1. package common
    2. 

  2. 

  3. import (
    4. 

  4. 	"fmt"
    5. 

  5. 	"os"
    6. 

  6. 	"syscall"
    7. 

  7. 

  8. 	"golang.org/x/sys/unix"
    9. 

  9. )
    10. 

  10. 

  11. // LockMemory locks current and future pages in memory to protect secret keys from being swapped out to disk.
    12. 

  12. // It's possible (and strongly recommended) to deploy Wormhole such that keys are only ever
    13. 

  13. // stored in memory and never touch the disk. This is a privileged operation and requires CAP_IPC_LOCK.
    14. 

  14. func LockMemory() {
    15. 

  15. 	err := unix.Mlockall(syscall.MCL_CURRENT | syscall.MCL_FUTURE)
    16. 

  16. 	if err != nil {
    17. 

  17. 		fmt.Printf("Failed to lock memory: %v (CAP_IPC_LOCK missing?)\n", err)
    18. 

  18. 		os.Exit(1)
    19. 

  19. 	}
    20. 

  20. }
    21. 

  21. 

  22. // SetRestrictiveUmask masks the group and world bits. This ensures that key material
    23. 

  23. // and sockets we create aren't accidentally group- or world-readable.
    24. 

  24. func SetRestrictiveUmask() {
    25. 

  25. 	syscall.Umask(0077) // cannot fail
    26. 

  26. }
    27.