Inhibiting swapping with mlock

Damien Miller djm at mindrot.org
Fri Jan 14 22:27:42 EST 2000


On Thu, 13 Jan 2000, Phil Karn wrote:

> There's one vulnerability that's bugged me for some time. It applies
> to nearly all crypto software, including ssh. That's the swapping of
> sensitive info (such as keys and key equivalents) onto hard drives
> where they could possibly be recovered later.

FWIW OpenSSH is pretty careful to bzero() sensitive data (such as
keys and passphrases) as soon as possible. 

This does not protect data that has been swapped, but it does reduce
the likelihood of it reaching swap in the first place.

Regards,
Damien Miller

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)
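
The two measures discussed in this thread, locking pages with mlock() and zeroing secrets as soon as they are no longer needed, can be combined as in the following added example. It is not code from the original message or from OpenSSH; `secret_buf`, `secret_alloc`, `secret_wipe` and `secret_free` are hypothetical names, and a Linux/glibc system is assumed.

```c
#define _DEFAULT_SOURCE /* exposes MAP_ANONYMOUS on glibc */
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type (not from OpenSSH): page-aligned secret storage. */
struct secret_buf {
    void  *p;      /* mapping base, NULL if allocation failed */
    size_t len;    /* requested size rounded up to whole pages */
    int    locked; /* 1 if mlock() succeeded; 0 means pages may still swap */
};

/* Zero through a volatile pointer so the stores are not dropped as dead writes. */
static void secret_wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--)
        *v++ = 0;
}

static struct secret_buf secret_alloc(size_t want)
{
    struct secret_buf b = { NULL, 0, 0 };
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t len = (want + page - 1) / page * page;
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return b;
    b.p = p;
    b.len = len;
    b.locked = (mlock(p, len) == 0); /* may fail: RLIMIT_MEMLOCK, privileges */
    return b;
}

/* Wipe first, then unlock and unmap. Returns munmap()'s result, -1 if empty. */
static int secret_free(struct secret_buf *b)
{
    if (b->p == NULL)
        return -1;
    secret_wipe(b->p, b->len);
    if (b->locked)
        munlock(b->p, b->len);
    int rc = munmap(b->p, b->len);
    b->p = NULL; b->len = 0; b->locked = 0;
    return rc;
}

int main(void)
{
    struct secret_buf b = secret_alloc(64);
    if (b.p == NULL)
        return 1;
    memcpy(b.p, "constructed passphrase", 23); /* constructed sample secret */
    printf("locked=%d len=%zu\n", b.locked, b.len);
    return secret_free(&b) != 0;
}
```

A caller should check `locked` and decide whether to continue when the lock was refused; the wipe still runs either way.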








More information about the openssh-unix-dev mailing list