Use |mprotect()| to secure key data ? / was: Re: Proposal: always handle keys in separate process

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Jan 20 13:10:10 AEDT 2016


On Tue 2016-01-19 19:53:41 -0500, Roland Mainz wrote:
> What about the idea of storing "valuable" data in unlinked temp files
> and |mmap()| them only on demand? That would keep them out of the
> claws of *other* users (obviously same user can use /proc/$pid/fd/$fd
> to |open()| such files, but then the same user could just attach
> gdb/dbx and dissect the ssh/sshd/ssh_secure_storage processes and even
> inject random code) ...

Depending on the filesystem used, this could mean writing this sensitive
data to the underlying storage medium, which sounds like a worse failure
than anything this proposal would fix.

     --dkg
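
The filesystem dependence raised in the reply can be checked before any secret is written. The following is an added example, not code from this thread or from OpenSSH: a Linux-only sketch that creates the unlinked temp file, then refuses to use it unless fstatfs() reports a RAM-backed filesystem. The helper names, the /dev/shm location and the sample secret are assumptions made for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/vfs.h>
#include <linux/magic.h>

/* 1 if this filesystem type keeps file data in RAM, 0 otherwise. */
int is_memory_backed(long f_type)
{
    return f_type == TMPFS_MAGIC || f_type == RAMFS_MAGIC;
}

/* Hypothetical helper: create an unlinked temp file in dir.
 * Returns an fd, or -1 if creation fails or dir is not RAM-backed. */
int open_unlinked_secret_file(const char *dir)
{
    char path[4096];
    struct statfs sfs;
    int fd;

    if (snprintf(path, sizeof(path), "%s/secret.XXXXXX", dir) >= (int)sizeof(path))
        return -1;
    if ((fd = mkstemp(path)) < 0)
        return -1;
    unlink(path);                 /* no directory entry remains */
    if (fstatfs(fd, &sfs) != 0 || !is_memory_backed((long)sfs.f_type)) {
        close(fd);                /* nothing secret has been written yet */
        return -1;
    }
    return fd;
}

int main(void)
{
    int fd = open_unlinked_secret_file("/dev/shm");   /* assumed tmpfs mount */
    if (fd < 0) { puts("refused: not RAM-backed"); return 1; }
    if (ftruncate(fd, 4096) != 0) return 1;
    char *p = mmap(NULL, 4096, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (p == MAP_FAILED) return 1;
    mlock(p, 4096);               /* tmpfs pages can otherwise go to swap */
    strcpy(p, "constructed-sample-secret");
    memset(p, 0, 4096);           /* wipe before unmapping */
    munmap(p, 4096);
    close(fd);
    return 0;
}
```

A tmpfs result alone does not keep the data off disk, since tmpfs pages are swappable; the mlock() call (or an encrypted or disabled swap) is what closes that gap.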


More information about the openssh-unix-dev mailing list