Re: Security of data in memory
From: Glynn Clements (glynn.clements@virgin.net)
Date: 12/26/01
From: Glynn Clements <glynn.clements@virgin.net> Date: Wed, 26 Dec 2001 22:28:58 +0000 To: Nicholas Brawn <ncb@pobox.com>

Nicholas Brawn wrote:

> I have a unix program that reads in an encrypted file, decrypts it and
> works on it whilst in memory. What security considerations should I be
> aware of? I'm thinking of things like clearing the decrypted buffer
> prior to exiting, not storing any of the data in a temporary file, etc.

Actually, you may be better off storing the plaintext in an mmap()d
file.

Storing it "in memory" risks having it written out to swap, and there
isn't any reliable way of wiping it from swap. Unfortunately, you
can't, in general, rely upon mlock(). On some systems (e.g. Linux),
mlock() requires root privilege. On others, it depends upon resource
limit settings (RLIMIT_MEMLOCK).

If you use an mmap()d file (with MAP_SHARED), it shouldn't be written
to swap, and you can wipe the file once you are finished. The main
issue here is whether the underlying filesystem allows you to reliably
overwrite data.

BTW, be sure to create the file without any excess permissions, e.g.
open(..., 0600).

-- Glynn Clements <glynn.clements@virgin.net>
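
The approach described in the message above, as an added example that is not part of the original post: a MAP_SHARED scratch file created with mode 0600, zeroed through the mapping, synced, and unlinked. The `struct scratch`, the function names and the `/tmp` path are assumptions made for illustration; as the message notes, the overwrite is only as reliable as the underlying filesystem.

```c
/* Added example (not from the original post): plaintext held in a MAP_SHARED
 * file created 0600, zeroed and removed when finished. Names are assumptions. */
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

struct scratch { int fd; size_t len; unsigned char *p; const char *path; };

/* Create the backing file (owner read/write only) and map it shared. */
int scratch_open(struct scratch *s, const char *path, size_t len)
{
    /* O_EXCL refuses a file or symlink that already exists at this path. */
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;              /* not ours: leave it untouched */
    void *p = MAP_FAILED;
    if (ftruncate(fd, (off_t)len) == 0)
        p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (p == MAP_FAILED) { close(fd); unlink(path); return -1; }
    s->fd = fd; s->len = len; s->p = p; s->path = path;
    return 0;
}

/* Zero the mapping and push the zeros to the file before anything is freed. */
int scratch_wipe(struct scratch *s)
{
    volatile unsigned char *v = s->p;   /* volatile: stores are not elided */
    for (size_t i = 0; i < s->len; i++) v[i] = 0;
    if (msync(s->p, s->len, MS_SYNC) != 0) return -1;
    return fsync(s->fd);
}

/* Unmap, close and unlink; call only after scratch_wipe() succeeded. */
int scratch_close(struct scratch *s)
{
    int rc = munmap(s->p, s->len);
    rc |= close(s->fd);
    rc |= unlink(s->path);
    return rc ? -1 : 0;
}

int main(void)
{
    struct scratch s;
    if (scratch_open(&s, "/tmp/scratch-example.bin", 4096) != 0) return 1;
    memcpy(s.p, "decrypted data", 14);  /* constructed sample plaintext */
    return (scratch_wipe(&s) == 0 && scratch_close(&s) == 0) ? 0 : 1;
}
```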