Re: Security of data in memory
From: Rodrigo Barbosa (rodrigob@bh.conectiva.com.br)
Date: 12/26/01
- Previous message: Chris Holloway: "Re: Security of data in memory"
- In reply to: Nicholas Brawn: "Security of data in memory"
- Next in thread: Peter Jeremy: "Re: Security of data in memory"
Date: Wed, 26 Dec 2001 17:00:30 -0200
From: Rodrigo Barbosa <rodrigob@bh.conectiva.com.br>
To: secprog@securityfocus.com

On Wed, Dec 26, 2001 at 12:31:16AM +1100, Nicholas Brawn wrote:
> I have a unix program that reads in an encrypted file, decrypts it and
> works on it whilst in memory. What security considerations should I be
> aware of? I'm thinking of things like clearing the decrypted buffer
> prior to exiting, not storing any of the data in a temporary file, etc.

A small trick I always do when handling sensitive material is to block
core dumping. So, even if the program crashes, no core file is created.

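    #include <sys/resource.h>   /* struct rlimit, setrlimit(), RLIMIT_CORE */

    /* Set the core file size limit to zero so no core file is written. */
    void nocore ( void ) {
        struct rlimit rlim;

        /* Redundant, but better safe than sorry */
        rlim.rlim_max=0;
        rlim.rlim_cur=0;
        setrlimit (RLIMIT_CORE,&rlim);
    }
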
-- Rodrigo Barbosa - rodrigob at bh.conectiva.com.br Conectiva S/A - Belo Horizonte, MG, Brazil "Quis custodiet ipsos custodiet?" - http://www.conectiva.com/
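
Added example, not part of the original message: the same RLIMIT_CORE approach with the setrlimit() result checked and read back, combined with the buffer clearing the original question asks about. The names disable_core_dumps, secure_wipe and is_all_zero are hypothetical, and the buffer contents are a constructed stand-in for decrypted data.

```c
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>

/* Set soft and hard RLIMIT_CORE to 0, then read the limit back.
 * Returns 0 if both limits are confirmed zero, -1 otherwise. */
int disable_core_dumps(void)
{
    struct rlimit rl;

    rl.rlim_cur = 0;
    rl.rlim_max = 0;
    if (setrlimit(RLIMIT_CORE, &rl) != 0)
        return -1;
    if (getrlimit(RLIMIT_CORE, &rl) != 0)
        return -1;
    return (rl.rlim_cur == 0 && rl.rlim_max == 0) ? 0 : -1;
}

/* Zero a buffer through a volatile pointer so the compiler cannot
 * drop the stores as dead writes just before the buffer goes away. */
void secure_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = buf;

    while (len--)
        *p++ = 0;
}

/* Returns 1 if every byte in buf is zero, 0 otherwise. */
int is_all_zero(const unsigned char *buf, size_t len)
{
    size_t i;

    for (i = 0; i < len; i++)
        if (buf[i] != 0)
            return 0;
    return 1;
}

int main(void)
{
    unsigned char plaintext[64];

    /* Refuse to touch sensitive data if core dumps could not be disabled. */
    if (disable_core_dumps() != 0) { perror("RLIMIT_CORE"); return 1; }
    memset(plaintext, 0xAA, sizeof plaintext); /* constructed stand-in for decrypted data */
    /* ... work on the decrypted data here ... */
    secure_wipe(plaintext, sizeof plaintext);
    printf("wiped: %d\n", is_all_zero(plaintext, sizeof plaintext));
    return 0;
}
```

The limit is inherited by child processes, and an unprivileged process cannot raise the hard limit again once it has been lowered to zero.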