BugTraq
RE: When scrubbing secrets in memory doesn't work Nov 14 2002 10:44AM
Michael Wojcik (Michael Wojcik microfocus com) (1 replies)
Re: When scrubbing secrets in memory doesn't work Nov 17 2002 04:49PM
Nicholas Weaver (nweaver CS berkeley edu) (1 replies)
Re: When scrubbing secrets in memory doesn't work Nov 18 2002 04:36PM
Richard Moore (rich westpoint ltd uk) (2 replies)
Re: When scrubbing secrets in memory doesn't work Nov 18 2002 06:19PM
Peter Watkins (peterw usa net)
Re: When scrubbing secrets in memory doesn't work Nov 18 2002 05:20PM
Florian Weimer (Weimer CERT Uni-Stuttgart DE)
Richard Moore <rich (at) westpoint.ltd (dot) uk [email concealed]> writes:

> It's worth noting that on systems such as linux and solaris, it is
> easy to avoid the paging problem by locking the process into
> memory.

"Locking into memory" does NOT mean "avoid paging". AFAIK, there are
operating systems in which memory which has been locked is still paged
to disk.

> This is accomplished using the system calls mlock(2) and
> mlockall(2). The former is probably more suitable as the latter
> locks all of the pages for the process.

It is very hard to use mlock(2) correctly, and using mlockall(2)
creates a potential for local DoS attacks.

Better disable swap or use encrypted swap on critical systems.

--
Florian Weimer Weimer (at) CERT.Uni-Stuttgart (dot) DE [email concealed]
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898
