Re: [PATCH encrypted swsusp 1/3] core functionality

[Pavel Machek]

On Ät 14-04-05 09:10:44, Herbert Xu wrote:
> On Thu, Apr 14, 2005 at 12:29:36AM +0200, Andreas Steinmetz wrote:
> >
> > > Why is that? In the case of swap over dmcrypt, swsusp never reads/writes
> > > the disk directly.  All operations are done through dmcrypt.
> > > 
> > > The user has to enter a password before the system can be resumed.
> > 
> > Think of it the following way: user suspend and later resumes. During
> > suspend some mlocked memory e.g. from ssh-agent gets dumped to swap.
> > Some days later the system gets broken in from a remote place.
> > Unfortunately the ssh keys are still on swap (assuming that ssh-agent is
> > not running then) and can be recovered by the intruder. The intruder can
> 
> The ssh keys are *encrypted* in the swap when dmcrypt is used.
> When the swap runs over dmcrypt all writes including those from
> swsusp are encrypted.

Andreas is right. They are encrypted in swap, but they should not be
there at all. And they are encrypted by key that is still available
after resume. Bad.

First version simply overwrote suspend image in swap with zeros. This
is more clever way to do same thing.

								Pavel
-- 
Boycott Kodak -- for their patent abuse against Java.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/