OSEC

From: Andrew Archibald (aarchibayahoo.com)
Date: Mon Apr 02 2001 - 13:56:47 CDT


    Pete Chown <Pete.Chownskygate.co.uk> writes:

    > Antonomasia wrote:
    >
    > > I find configuring a box to use no paging space is an easy way to
    > > address this with no requirement for 0==euid in the affected programs.
    >
    > The other way is an encrypted swap partition with forward secrecy.
    > Has anyone built such a beast?

    You can *almost* do this in Linux now. Linux supports encrypted block
    devices, so on bootup, you just generate a random key and use the
    filesystem. If you have the room, you can have two, and change the keys
    every so often (without ever having to live without swap entirely).
    Unfortunately, there is currently a race in the kernel if you try to swap
    to an encrypted filesystem.

    You can, of course, also do this for /tmp.

    > I was just thinking, you could build an encrypted filesystem where
    > each file has a different key, stored in the inode. Then secure
    > deletion of files just means destroying the key in the inode, and not
    > overwriting lots of pages of disk. Perhaps this is hard work for not
    > much gain, though.

    That would indeed work, but it's a lot of work for the kernel to do to get
    at every file in the system. But most files are not sensitive, so you
    might be able to do something sneaky with a "mark for secure deletion"
    scheme involving filesystem attributes.

    I'm afraid all this is overkill for my particular setup. In particular, it
    needs to run on an unmodified system owned by some random person.

    Andrew
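
The per-file-key deletion idea quoted in the message above, modelled as an added example that is not part of the original post or of any kernel code. The class `ToyKeyedFS`, its in-memory "disk" and the SHAKE-256 keystream used in place of a real cipher are all assumptions made for illustration.

```python
import hashlib
import secrets

KEY_LEN = 32  # bytes per file key (assumed size)

class ToyKeyedFS:
    """Constructed model: 'disk' holds ciphertext, 'inodes' hold per-file keys."""

    def __init__(self):
        self.disk = bytearray()   # stands in for data blocks; never scrubbed
        self.inodes = {}          # name -> (key bytearray, offset, length)

    @staticmethod
    def _xor_keystream(key, data):
        # Stand-in cipher: SHAKE-256 keystream XOR. Acceptable here only because
        # every write gets a fresh key; a real design would use a vetted cipher.
        stream = hashlib.shake_256(bytes(key)).digest(len(data))
        return bytes(a ^ b for a, b in zip(data, stream))

    def write(self, name, plaintext):
        key = bytearray(secrets.token_bytes(KEY_LEN))
        offset = len(self.disk)
        self.disk += self._xor_keystream(key, plaintext)
        self.inodes[name] = (key, offset, len(plaintext))

    def read(self, name):
        key, offset, length = self.inodes[name]
        return self._xor_keystream(key, self.disk[offset:offset + length])

    def secure_delete(self, name):
        """Destroy only the key; return the number of bytes overwritten."""
        key, _, _ = self.inodes.pop(name)
        for i in range(len(key)):
            key[i] = 0
        return len(key)

def demo():
    fs = ToyKeyedFS()
    secret = b"constructed sample: payroll record " * 100
    fs.write("payroll", secret)
    fs.write("notes", b"constructed sample: shopping list")
    before = bytes(fs.disk)
    wiped = fs.secure_delete("payroll")
    return {"wiped_bytes": wiped, "file_bytes": len(secret),
            "disk_untouched": bytes(fs.disk) == before,
            "plaintext_on_disk": secret[:35] in fs.disk,
            "other_file_ok": fs.read("notes") == b"constructed sample: shopping list"}

if __name__ == "__main__":
    print(demo())
```

Deletion touches only the key bytes while the ciphertext blocks stay where they were, which is the saving the quoted proposal is after.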