Inhibiting swapping with mlock
Ben Taylor
the_h1ghlander at yahoo.com
Sat Jan 15 17:54:53 EST 2000
--- Damien Miller <djm at mindrot.org> wrote:
> On Thu, 13 Jan 2000, Phil Karn wrote:
>
> > There's one vulnerability that's bugged me for some time. It applies
> > to nearly all crypto software, including ssh. That's the swapping of
> > sensitive info (such as keys and key equivalents) onto hard drives
> > where they could possibly be recovered later.
>
> FWIW OpenSSH is pretty careful to bzero() sensitive data (such as
> keys and passphrases) as soon as possible.
>
> This does not protect data that has been swapped, but it does reduce
> the likelihood of it reaching swap in the first place.

I don't know about Linux and the BSD variants, but I
think you can lock a process into memory which will
prevent it from being paged out in Solaris. Perhaps
this is something we should investigate?
Ben
mailto:bent at clark.net