Protecting sensitive data [was Re: Cleanup for cryptographic
algorithms vs. compiler optimizations]
C. P. Ghost
cpghost at cordula.ws
Mon Jun 14 02:00:55 UTC 2010
2010/6/14 Peter Jeremy <peterjeremy at acm.org>:
> On 2010-Jun-13 10:07:15 +0200, Dag-Erling Smørgrav <des at des.no> wrote:
>>You always overwrite passphrases, keys etc. as soon as you're done with
>>them so they don't end up in a crash dump or on a swap disk or
>>something.
>
> Which brings up an associated issue: By default, mlock(2) can only be
> used by root processes. It would be really handy if non-privileged
> processes could lock small amounts of VM so they can securely handle
> passwords, passphrases, keys, etc. MAC offers the option of allowing
> non-root processes access to mlock() but doesn't provide any
> restrictions on the amount of memory they can lock.
Interesting!
>From an admin point of view, this behavior could them be enabled
or disabled via sysctl(8), and this sysctl variable could define what
"small" means exactly (#nr of pages per process maybe?)
Another sysctl variable should probably define how many pages
can be locked in general by all non-privileged processes, to prevent
malicious programs like fork bombs to mlock the whole memory.
> Peter Jeremy
-cpghost.
--
Cordula's Web. http://www.cordula.ws/
More information about the freebsd-current
mailing list