@malwaretech sigh. I've wanted to do this in Linux for years, but I've got a different job, and nobody really likes being given ideas. Basically it's just an mprotect() flag to mark stuff as not dumpable, not mappable from /proc (or map-on-read zero pages), and show the flag in /proc/pid/maps.