[27931] in bugtraq
Re: When scrubbing secrets in memory doesn't work
daemon@ATHENA.MIT.EDU (Florian Weimer)
Tue Nov 19 01:20:38 2002
To: Richard Moore <rich@westpoint.ltd.uk>
From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
Date: Mon, 18 Nov 2002 18:20:07 +0100
In-Reply-To: <3DD91729.5000307@westpoint.ltd.uk> (Richard Moore's message of
"Mon, 18 Nov 2002 16:36:57 +0000")
Message-ID: <87wunag5h4.fsf@Login.CERT.Uni-Stuttgart.DE>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

Richard Moore <rich@westpoint.ltd.uk> writes:

> It's worth noting that on systems such as Linux and Solaris, it is
> easy to avoid the paging problem by locking the process into
> memory.

"Locking into memory" does NOT mean "avoid paging". AFAIK, there are
operating systems in which memory which has been locked is still paged
to disk.

> This is accomplished using the system calls mlock(2) and
> mlockall(2). The former is probably more suitable as the latter
> locks all of the pages for the process.

It is very hard to use mlock(2) correctly, and using mlockall(2)
creates a potential for local DoS attacks.

Better disable swap or use encrypted swap on critical systems.

--
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898
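
Added example, not part of the original message or of either poster's code: a C sketch of the details that careful mlock(2) use involves on a POSIX system (whole-page dedicated mapping, checked return value, scrub before unlock). The names secret_buf, secret_alloc and secret_free are hypothetical, and the sample key is constructed; as the reply notes, a successful lock is not a guarantee on every operating system.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* for MAP_ANONYMOUS on glibc */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type for this example. */
typedef struct { void *p; size_t len; int locked; } secret_buf;
/* Map whole private pages for a secret and try to lock them.
 * Returns 0 if the mapping exists (then check b->locked), -1 otherwise. */
int secret_alloc(secret_buf *b, size_t want)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    b->len = (want + page - 1) / page * page;  /* mlock covers whole pages */
    b->locked = 0;
    /* Dedicated mapping: memory locks do not nest, so a page shared with
     * another locked object would be unlocked by that object's munlock(). */
    b->p = mmap(NULL, b->len, PROT_READ | PROT_WRITE,
                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (b->p == MAP_FAILED) { b->p = NULL; b->len = 0; return -1; }
    /* mlock can fail (RLIMIT_MEMLOCK, privileges): record it, never assume. */
    if (mlock(b->p, b->len) == 0) b->locked = 1;
    return 0;
}

/* Scrub through a volatile pointer so the compiler cannot drop the stores,
 * and only then unlock and unmap the pages. */
void secret_free(secret_buf *b)
{
    volatile unsigned char *v = b->p;
    if (!b->p) return;
    for (size_t i = 0; i < b->len; i++) v[i] = 0;
    if (b->locked) munlock(b->p, b->len);
    munmap(b->p, b->len);
    b->p = NULL; b->len = 0; b->locked = 0;
}

int main(void)
{
    static const char sample[] = "constructed-sample-key"; /* constructed */
    secret_buf b;
    if (secret_alloc(&b, sizeof sample) != 0) return 1;
    if (!b.locked) fprintf(stderr, "warning: pages are not locked\n");
    memcpy(b.p, sample, sizeof sample);
    secret_free(&b);
    return 0;
}
```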