svn commit: r48000 - head/en_US.ISO8859-1/htdocs/news/status

Benjamin Kaduk bjk at FreeBSD.org
Tue Jan 12 04:31:03 UTC 2016 

Author: bjk
Date: Tue Jan 12 04:31:02 2016
New Revision: 48000
URL: https://svnweb.freebsd.org/changeset/doc/48000

Log:
  Add entry on encrypted kernel crash dumps from def

Modified:
  head/en_US.ISO8859-1/htdocs/news/status/report-2015-10-2015-12.xml

Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2015-10-2015-12.xml
==============================================================================
--- head/en_US.ISO8859-1/htdocs/news/status/report-2015-10-2015-12.xml	Tue Jan 12 04:23:47 2016	(r47999)
+++ head/en_US.ISO8859-1/htdocs/news/status/report-2015-10-2015-12.xml	Tue Jan 12 04:31:02 2016	(r48000)
@@ -1980,4 +1980,45 @@
       </task>
     </help>
   </project>
+
+  <project cat='proj'>
+    <title>Encrypted Kernel Crash Dumps</title>
+
+    <contact>
+      <person>
+	<name>
+	  <given>Konrad</given>
+	  <common>Witaszczyk</common>
+	</name>
+	<email>def at FreeBSD.org</email>
+      </person>
+    </contact>
+
+    <links>
+      <url href="https://lists.FreeBSD.org/pipermail/freebsd-security/2015-December/008780.html">Technical Details</url>
+      <url href="https://reviews.FreeBSD.org/D4712">Patch Review</url>
+    </links>
+
+    <body>
+      <p>Kernel crash dumps contain information about currently
+	running processes.  This can include sensitive data, for example
+	passwords kept in memory by a browser when a kernel panic
+	occurred.  An entity that can read data from a dump device or a
+	crash directory can also extract this information from a core
+	dump.  In order to prevent this situation, the core dump should be
+	encrypted before it is stored on the dump device.</p>
+
+      <p>This project allows a kernel to encrypt a core dump during
+	a panic.  A user can configure the kernel for encrypted dumps and
+	save the core dump after reboot using the existing tools,
+	<tt>dumpon(8)</tt> and <tt>savecore(8)</tt>.  A new tool
+	<tt>decryptcore(8)</tt> was added to decrypt the core files.</p>
+
+      <p>A patch has been uploaded to Phabricator for review.  The
+	project is currently being updated to address the review comments,
+	and should be committed as soon as it is accepted.  For more
+	technical details, please visit the FreeBSD-security mailing list
+	archive or see the Phabricator review.</p>
+    </body>
+  </project>
 </report>

More information about the svn-doc-all mailing list