Re: Security of data in memory

From: Matthew Cline (matt@nightrealms.com)
Date: 01/17/02


From: Matthew Cline <matt@nightrealms.com>
To: secprog@securityfocus.com
Date: Wed, 16 Jan 2002 15:44:34 -0800


> On Tue, 2001-12-25 at 13:31, Nicholas Brawn wrote:
> > I have a unix program that reads in an encrypted file, decrypts it and
> > works on it whilst in memory. What security considerations should I be
> > aware of? I'm thinking of things like clearing the decrypted buffer
> > prior to exiting, not storing any of the data in a temporary file, etc.

On UNIX, GnuPG (http://www.gnupg.org) can, if installed SUID root, lock
memory pages to prevent them from being swapped out to disk.

-- 
http://dmoz.org                  | Give a man a match, and he'll be warm for a
                                 | minute, but light him on fire, and he'll be
The world's largest human edited | warm for the rest of his life.
web directory                    |
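
The page locking mentioned above, together with the buffer clearing raised in the quoted question, as an added example in C; it is not part of the original message and is not GnuPG's code. The names secret_buf, secret_alloc, secure_wipe and secret_free are this example's own, and it assumes a POSIX system with mmap() and mlock().

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* for MAP_ANONYMOUS on glibc */
#endif
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical holder for decrypted data; names are this example's own. */
typedef struct {
    unsigned char *buf;
    size_t len;      /* rounded up to whole pages */
    int locked;      /* 1 if mlock() succeeded */
} secret_buf;

/* Zero through a volatile pointer so the compiler cannot elide the stores. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Map private anonymous pages and try to pin them in RAM. */
static int secret_alloc(secret_buf *s, size_t want) {
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || want == 0) return -1;
    s->len = (want + (size_t)page - 1) / (size_t)page * (size_t)page;
    void *m = mmap(NULL, s->len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED) return -1;
    s->buf = m;
    /* mlock() can fail without privilege or past RLIMIT_MEMLOCK; record it. */
    s->locked = (mlock(s->buf, s->len) == 0);
    return 0;
}

/* Wipe first, then unlock and unmap, so no plaintext outlives the lock. */
static void secret_free(secret_buf *s) {
    secure_wipe(s->buf, s->len);
    if (s->locked) munlock(s->buf, s->len);
    munmap(s->buf, s->len);
    s->buf = NULL; s->len = 0; s->locked = 0;
}

int main(void) {
    static const char sample[] = "decrypted data (constructed sample)";
    secret_buf s;
    if (secret_alloc(&s, sizeof sample) != 0) return 1;
    if (!s.locked) fprintf(stderr, "warning: pages not locked, may swap\n");
    memcpy(s.buf, sample, sizeof sample);
    secret_free(&s);
    return 0;
}
```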


