Bugtraq mailing list archives
Re: When scrubbing secrets in memory doesn't work
From: Florian Weimer <Weimer () CERT Uni-Stuttgart DE>
Date: Mon, 18 Nov 2002 18:20:07 +0100
Richard Moore <rich () westpoint ltd uk> writes:
It's worth noting that on systems such as linux and solaris, it is easy to avoid the paging problem by locking the process into memory.
"Locking into memory" does NOT mean "avoid paging". AFAIK, there are operating systems in which memory which has been locked is still paged to disk.
This is accomplished using the system calls mlock(2) and mlockall(2). The former is probably more suitable as the latter locks all of pages for the process.
It is very hard to use mlock(2) correctly, and using mlockall(2) creates a potential for local DoS attacks. Better disable swap or use encrypted swap on critical systems. -- Florian Weimer Weimer () CERT Uni-Stuttgart DE University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT fax +49-711-685-5898
Current thread:
- Re: When scrubbing secrets in memory doesn't work, (continued)
- Re: When scrubbing secrets in memory doesn't work Andy Polyakov (Nov 07)
- Re: When scrubbing secrets in memory doesn't work Gianni Tedesco (Nov 07)
- Re: When scrubbing secrets in memory doesn't work Valdis . Kletnieks (Nov 08)
- Re: When scrubbing secrets in memory doesn't work Michael Zimmermann (Nov 09)
- Re: When scrubbing secrets in memory doesn't work Jan Echternach (Nov 14)
- When scrubbing secrets in memory doesn't work Michael Howard (Nov 09)
- RE: When scrubbing secrets in memory doesn't work Michael Wojcik (Nov 12)
- RE: When scrubbing secrets in memory doesn't work Michael Wojcik (Nov 17)
- Re: When scrubbing secrets in memory doesn't work Nicholas Weaver (Nov 18)
- Re: When scrubbing secrets in memory doesn't work Richard Moore (Nov 20)
- Re: When scrubbing secrets in memory doesn't work Florian Weimer (Nov 18)
- Re: When scrubbing secrets in memory doesn't work Peter Watkins (Nov 19)
- Re: When scrubbing secrets in memory doesn't work Nicholas Weaver (Nov 18)