memfd, PE loaders, unlink-after-dlopen. Three operating systems, three different definitions of 'in memory'.

"Load the module from memory" sounds like one thing. It is not one thing. Each operating system gives you different primitives, hides different walls, and has a different definition of what counts as "never touched disk." I've been working on paker, a Python library that ships encrypted packages over the network and imports them without writing bytes to the filesystem, and the platform-by-platform reality turned out to be messier than the pitch.

Post one in this series covered what paker is and what it's for; this one is about the plumbing underneath. The patterns below apply whether you're building a plugin system, shipping a proprietary SDK, or doing anything where the word "executable" appears without a corresponding path on disk. paker is the concrete example I'll point at, but the primitives are the OS's, not mine.

Linux: memfd_create is the clean case

Linux gives you the primitive you want.…