OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Jason Stone (jasonshalott.net)
Date: Wed Feb 06 2002 - 21:51:45 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    > can the swap partition be used to 'spy' what happenned into a box?
    >
    > can someone with physical access to a box put the hard drive in
    > another computer and check into the swap to find password or email or
    > ...?

    For the most part, any part of main memory can get swapped out at any
    time. If a process that handles passwords or keys gets some or all of its
    pages swapped out, then yes, you'll probablly be able retrieve those
    passwords or keys from the swap disk. This is mostly only an issue with
    long-running processes like ssh-agent.

    You can easily verify this for yourself - write a four-line program that
    allocates a buffer, sticks a constant string in it, and then sleeps
    forever. Then write a program that forks a bunch of times and each copy
    allocates as much memory as it can. Wait until the machine starts
    thrashing, kill all the memory eaters, and then run strings(1) on your
    swap partition - the constant string from the first program will almost
    certainly be in there.

    > what can i do about it?

    There is a system call called mlock(2) which allows a program to lock its
    memory pages in core, ensuring that they won't get swapped out. Security
    or performance oriented programs sometimes use this. The downside is that
    this call can only be made by root, so your programs have to be setuid
    root. The gnupg port has some pretty generic code that provides
    secure_malloc, secure_free, etc, using mlock.

    Alternatively, you could arrange for your swap to be encrypted somehow
    (swap to a file on a cryptfs or cfs mount) or else just not use swap.

     -Jason

     -----------------------------------------------------------------------
     I worry about my child and the Internet all the time, even though she's
     too young to have logged on yet. Here's what I worry about. I worry
     that 10 or 15 years from now, she will come to me and say "Daddy, where
     were you when they took freedom of the press away from the Internet?"
            -- Mike Godwin

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (FreeBSD)
    Comment: See https://private.idealab.com/public/jason/jason.gpg

    iD8DBQE8YfnVswXMWWtptckRAn/pAKCXa+jKyF0I7hsQNOaJ0PxV+9kRSgCfTE5R
    x9/TEI/h7f9PWVneVNT3fl0=
    =PiGg
    -----END PGP SIGNATURE-----

    To Unsubscribe: send mail to majordomoFreeBSD.org
    with "unsubscribe freebsd-security" in the body of the message