Inhibiting swapping with mlock

SysProg - Nathan Paul Simons enigma at nmt.edu
Fri Jan 14 06:56:52 EST 2000


On Thu, 13 Jan 2000, Dug Song wrote:

> On Thu, 13 Jan 2000, Phil Karn wrote:
> 
> > The Linux kernel provides a system call, mlock(), that inhibits
> > swapping of a specified region of virtual memory. It locks it into
> > real memory.
> >
> > I see no calls to mlock anywhere in ssh.
> 
> OpenBSD supports swap encryption instead. shouldn't be hard to port to
> Linux.

	I was about to say that maybe swap should be encrypted.  And, if
you're really paranoid, you might go so far as to apply ipsec/swan
principles to paged memory entirely (i.e. encrypt ALL memory and implement
an authentication scheme process by process).  This would really slow
things down, however, and also leads to the question of where do you keep
the keys?  On the insecure hard drive?
	Of course, for most purposes, having swap on a partition that's
not touchable by anyone but root is usually good enough, plus the fact
that most modern OSes (*BSD and Linux in particular) don't allow processes
to access other processes' memory, except under special conditions (i.e.
forks, shared libs, etc).

Systems Programmer - Nathan Paul Simons
http://www.nmt.edu/~enigma   Speare 20   x5748


More information about the openssh-unix-dev mailing list