Christopher James Coleman
ug97cjc at cs.bham.ac.uk
Tue Jan 6 12:09:25 PST 2004
On Tue, 6 Jan 2004 ken_i_m at elegantinnovations.net wrote:
> On Tue, Jan 06, 2004 at 06:40:59PM +0000, Christopher James Coleman (ug97cjc at cs.bham.ac.uk) wrote:
> > I suppose the ideal solution in a secure system is to not have any part of
> > the program chain stupid enough to not protect pages with sensitive data
> > on. However, this is probably beyond the scope of the project.
> The secmem warning in gpg refers to someone rooting your box and reading
> the memory pages where the password is stored...
Sorry, my mistake. Unless there are two warnings, as I am sure there is a
mention of swap by GPG. Obviously swap does not even come into play versus
root, as he can read the memory no matter where it is. I thought there was
a mention of protecting your swap as data swapped may not be securely
deleted, and thus it would be possible to raw mount the swap (say, as a
local compromise, but it does not really matter) and find data on it. You
can tell the kernel to not swap certain pages, and I would have thought it
would make sense to use this ability when dealing with sensitive data. I
suppose it is the security trade-off again - locking up a lot of physical
memory versus protection of data (the inconvenience argument).
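The "tell the kernel to not swap certain pages" ability described above is `mlock(2)`. The following is an added example, not code from this thread or from GnuPG's secmem implementation; `secbuf_t`, `secbuf_alloc`, `secbuf_wipe` and `secbuf_free` are hypothetical names, and the passphrase is a constructed sample. It pins a page-aligned buffer, records whether the lock was granted (unprivileged processes hit `RLIMIT_MEMLOCK`), and wipes the buffer before unlocking it so the secret is never in pages the kernel may later write to swap.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical secure-buffer helpers; illustrative, not GnuPG's own secmem code. */
typedef struct {
    unsigned char *data;
    size_t len;     /* rounded up to whole pages, the unit mlock() works on */
    int locked;     /* 1 if mlock() succeeded, 0 if refused (RLIMIT_MEMLOCK / EPERM) */
} secbuf_t;

/* Volatile byte-by-byte wipe so the compiler cannot optimise the clearing away. */
void secbuf_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n-- > 0) *v++ = 0;
}

/* Allocate page-aligned memory and ask the kernel never to swap those pages out. */
int secbuf_alloc(secbuf_t *b, size_t want) {
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0) return -1;
    b->len = ((want + (size_t)pg - 1) / (size_t)pg) * (size_t)pg;
    void *p = NULL;
    if (posix_memalign(&p, (size_t)pg, b->len) != 0) return -1;
    b->data = p;
    b->locked = (mlock(b->data, b->len) == 0);   /* unprivileged ceiling: ulimit -l */
#ifdef MADV_DONTDUMP
    madvise(b->data, b->len, MADV_DONTDUMP);      /* also keep it out of core dumps (Linux) */
#endif
    return 0;
}

/* Wipe BEFORE unlocking: once unlocked, the page is eligible for swap again. */
void secbuf_free(secbuf_t *b) {
    if (b->data == NULL) return;
    secbuf_wipe(b->data, b->len);
    if (b->locked) munlock(b->data, b->len);
    free(b->data);
    b->data = NULL;
    b->locked = 0;
}

int main(void) {
    secbuf_t b;
    if (secbuf_alloc(&b, 64) != 0) return 1;
    strcpy((char *)b.data, "constructed-passphrase");   /* sample secret, constructed */
    printf("locked=%d len=%zu bytes\n", b.locked, b.len);
    secbuf_free(&b);
    return 0;
}
```

If `locked` prints 0, raise the locked-memory limit (`ulimit -l`) or grant `CAP_IPC_LOCK`; the buffer still works but is no longer protected from swap.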