RE: crypted swapspace?

Andre Hedrick (Fabian.Frederick@prov-liege.be)
Tue, 14 Dec 1999 14:37:45 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Chris Evans: "Re: 2.3.32-pre4/SMP still doesn't boot on Compaq Proliant 1600"
Previous message: Andre Hedrick: "Re: ide config patchlet"

> I suddenly realised that if your system crashes or reboots in
> a not so clean
> way, all
> kinds of sensitive data may end up in the swapfile, readable for every
> malicious user
> with a bootdisk.
> As far as I know, it is not possible for unprivilidged users
> to lock pages
> permanently
> in RAM, so another approach should be taken.
> The most preferable way would be a crypted-filesystem wherein
> you would have
> a swap-
> file. All of that outside the kernel. Is it possible to swap
> to something
> controlled
> by a userprocess? Or is a specific crypted swapper more appropriate?
Swapfiles are already too time consuming against swap disks.
AFAIK nothing in that domain has been implemented yet but
it should be kswap module relevant.
Maybe you could take benefit of new hardware crypting ???
btw, any malicious user can go anywhere with a bootdisk
taking advantage of any _original_ file so don't worry !
What would be more interesting is the way system's recovered
after a crash ... mounting that crashed volume from elsewhere
should generate syncing so that you won't be able to see
a _real_ image of the swap (that one's kept for partitioning
concept that's all).

Regards, Fabian

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chris Evans: "Re: 2.3.32-pre4/SMP still doesn't boot on Compaq Proliant 1600"
Previous message: Andre Hedrick: "Re: ide config patchlet"