This page describes the Protectec RAM File System (PRAM FS) feature.
PRAM FS is a file system that enhances the security of system data in the presence of kernel bugs or rogue programs.
The protected RAM file system will ordinarily remain consistent even if kernel data pointers are corrupted, or if the kernel starts executing unexpectedly in the wrong location. This is accomplished by making the RAM pages used by PRAM FS non-writable except during the actual file operations themselves.
A single bug in the Linux kernel may cause catastrophic damage to a system. If a product holds irreproducible security keys, financial data, or account information, then loss of such data could render the product unusable, or worse. The customer could suffer financial or legal harm (from account theft or identity theft).
It is not possible to guarantee with certainty that there are no bugs in the Linux kernel. However, it is possible to decrease the probability that a bug in the kernel will cause damage to a particular area of memory or storage. This protected area can then be used, with greater confidence, to hold sensitive user or product data.
The home page for the PRAMFS project is at: http://pramfs.sourceforge.net/
That site contains a LOT of detailed technical information and more explanation of the rationale for this feature.
- [Patch for CELF version XXXXXX is *here*] - [Patch for 2.4.xx is *here*] - Patch for 2.6.7 is pending... (see celinux-dev archive message 197 for a recent submission to forum)
Pram fs can be created and populated using normal Linux filesystem utilities.
How To Use
See the file
Documentation/filesystems/pramfs.txt for instructions on its use (once the patch is applied).
Pramfs was submitted for consideration for inclusion in the 2.6.4 kernel, in March 2004. There was a thread of discussion here
There were a few, easily answered, concerns raised. But the patch was not accepted into mainstream.
I talked to Andrew Morton about this in April, 2004, and he said the threshold is high for getting a new filesystem into the mainline kernel, because each filesystem adds incremental, ongoing, source maintenance overhead.
[Examples of use with measurement of the effects.]
Here is a list of things that could be worked on for this feature: