Locking pages in core

Kevin Steves stevesk at sweden.hp.com
Mon Nov 6 07:29:46 EST 2000


On Tue, 31 Oct 2000, Jason Stone wrote:
: Is there any interest in using mlock to lock pages in core so that
: potentially sensitive data won't get swapped out to disk?  (GnuPG, for
: example, does this).
: 
: There was a thread on this a long time ago, and it degenerated into a
: discussion of crypto-swap, but the question was never answered.
: 
: Is there a good reason not to do this?  The only one I can think of is
: that we'll need to make ssh-agent setuid as mlock requires root
: privileges.

I think it's worthwhile to pursue this.  My first thought is some type
of secmem library à la gpg.  I think OpenSSH is already careful about
clearing buffers that have held sensitive data asap, but it would be
better to place this data in non-swappable segments in the first place.

For HP-UX:

11.0 supports mlock(2) and it doesn't require root if you use the
privgrp(4) mechanism.

10.20 has plock(2) which isn't as fine-grained as mlock() and basically
permits you to lock the entire data segment.  plock() supports privgrp
as well.  I think there's an mlock() stub in libc that will just raise
SIGSYS.
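
[Added example, not part of the original message and not OpenSSH or GnuPG code.] A minimal sketch of the "secmem" idea discussed above: allocate whole pages, try to pin them with mlock(), and wipe them before release. The secbuf names are hypothetical; it assumes a POSIX system with mmap() and MAP_ANONYMOUS, and treats an mlock() failure (for example, missing privileges) as non-fatal but recorded.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* exposes MAP_ANONYMOUS on glibc */
#endif
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type for this example only. */
struct secbuf {
    void  *p;       /* page-aligned mapping, NULL on failure */
    size_t len;     /* mapping length, rounded up to whole pages */
    int    locked;  /* 1 if mlock() succeeded, 0 if pages may still swap */
};

/* Map whole pages (so no unrelated heap data shares them) and try to pin them. */
static struct secbuf secbuf_alloc(size_t want)
{
    struct secbuf b = { NULL, 0, 0 };
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0 || want == 0) return b;
    size_t len = (want + (size_t)pg - 1) / (size_t)pg * (size_t)pg;
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return b;
    b.p = p; b.len = len;
    /* mlock() can fail with EPERM or ENOMEM; the caller decides what to do. */
    b.locked = (mlock(p, len) == 0);
    return b;
}

/* Wipe while the pages are still locked, then unlock and unmap. */
static int secbuf_free(struct secbuf *b)
{
    if (b->p == NULL) return -1;
    volatile unsigned char *v = b->p;   /* volatile: keep the wipe from being optimized out */
    for (size_t i = 0; i < b->len; i++) v[i] = 0;
    if (b->locked) munlock(b->p, b->len);
    int rc = munmap(b->p, b->len);
    b->p = NULL; b->len = 0; b->locked = 0;
    return rc;
}

int main(void)
{
    struct secbuf k = secbuf_alloc(64);   /* room for a constructed 64-byte secret */
    if (k.p == NULL) return 1;
    printf("%zu bytes mapped, locked=%d\n", k.len, k.locked);
    return secbuf_free(&k);
}
```

A caller that requires locked memory should check the locked field and refuse to load key material when it is 0.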






More information about the openssh-unix-dev mailing list