Re: memory pages nulling when releasing



--- Dan Lukes <dan@xxxxxxxxx> wrote:
[...] Thus, keeping sensitive informations within memory for short
time only MAY reduce the risk level. The intruder need wait for
information to appear in memory again - but it cost time. [...]

That is true - it costs time...

But if a bad guy has already root access it does not really matter,
(aa) if he has to wait for some minutes or hours,
or
(bb) if he has just a small time window
or
(cc) if he can immediately start with scanning for secrets in /dev/mem.

I say, in that case there is no security (it might be even possible to present
the old state of the system to the outside via a modified kernel, that has
"very strange ideas" about the correct results of certain syscalls, and that
gets activated after a spontaneous reboot due to non-further specified reasons
(maybe due to a power failure or a failure in the old UPS-device or a mobile
phone that somebody possibly used inside the fully air-conditioned centre?;
does somebody know, what "dd if=/dev/zero of=/dev/mem" does?)...)...

As far as I understood the answers so far, OpenSSH and such tools are aware of
that slightly increased risk, so that they zero the memory areas that contained
sensitive data as soon as they are not needed anymore... So everything is fine
and alright... ;-))

:-))

-Arne


__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"



Relevant Pages

  • RE: USB rescue/boot disk
    ... You'd wear out your memory stick in no time. ... Do You Yahoo!? ... Mail has the best spam protection around ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
    (Debian-User)
  • Re: Xfce eating memory?
    ... Subject: Xfce eating memory? ... Do You Yahoo!? ... Mail has the best spam protection around ...
    (Debian-User)
  • Re: memory.c - bad pmd - x86_64
    ... I had the same problem with memory, but I was unfortunatly on Windows ... DONT KILL THE NEWBIE ... Do You Yahoo!? ... Mail has the best spam protection around ...
    (Fedora)
  • FC4 - Does Fedora recognizes memory?
    ... I intend to add more memory to my ... Does Fedora recognizes the ... Do You Yahoo!? ... Mail has the best spam protection around ...
    (Fedora)
  • [ Advisory ] New Yhaoo-Messenger client bug ( Insecure memory management )
    ... after sending two posts to Yahoo Inc. and receiving ... the YIM client have ability to store your ... =| stored password in memory ...
    (Security-Basics)