Date: Mon, 14 Jun 2010 04:00:52 +0200
From: "C. P. Ghost" <cpghost@cordula.ws>
To: Peter Jeremy <peterjeremy@acm.org>
Cc: Dag-Erling Smørgrav <des@des.no>, current@freebsd.org
Subject: Re: Protecting sensitive data [was Re: Cleanup for cryptographic algorithms vs. compiler optimizations]
Message-ID: <AANLkTimdhlZ4o2FmjAKDLOJ0eGU_23l_-wY_d2SmqpMa@mail.gmail.com>
In-Reply-To: <20100614005444.GA57650@server.vk2pj.dyndns.org>
References: <20100614005444.GA57650@server.vk2pj.dyndns.org>
2010/6/14 Peter Jeremy <peterjeremy@acm.org>:
> On 2010-Jun-13 10:07:15 +0200, Dag-Erling Smørgrav <des@des.no> wrote:
>>You always overwrite passphrases, keys etc. as soon as you're done with
>>them so they don't end up in a crash dump or on a swap disk or
>>something.
>
> Which brings up an associated issue: By default, mlock(2) can only be
> used by root processes.  It would be really handy if non-privileged
> processes could lock small amounts of VM so they can securely handle
> passwords, passphrases, keys, etc.  MAC offers the option of allowing
> non-root processes access to mlock() but doesn't provide any
> restrictions on the amount of memory they can lock.

Interesting!

From an admin point of view, this behavior could then be enabled or
disabled via sysctl(8), and this sysctl variable could define what
"small" means exactly (#nr of pages per process maybe?)

Another sysctl variable should probably define how many pages can be
locked in general by all non-privileged processes, to prevent malicious
programs like fork bombs from mlocking the whole memory.

> Peter Jeremy

-cpghost.

-- 
Cordula's Web. http://www.cordula.ws/
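The two practices the thread discusses, wiping a secret as soon as it is no longer needed and pinning it in RAM with mlock(2) so it cannot reach swap, are shown together below as an added example. This is illustrative code written for this archive page, not code from either poster or from the FreeBSD tree; the function names (`secret_wipe`, `page_range`, `secret_lock`, `handle_secret`) and the passphrase string are constructed for the demonstration. It also makes the point the thread's page-budget proposal depends on: mlock(2) charges whole pages, so a few bytes of key cost at least one page of the per-process budget (RLIMIT_MEMLOCK on systems that enforce one), and an unprivileged caller must be prepared for mlock() to fail with EPERM or ENOMEM and still wipe correctly.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Overwrite a secret through a volatile pointer so the compiler cannot
 * drop the stores as dead, which it may do with memset() before free(). */
void secret_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len-- > 0)
        *p++ = 0;
}

/* Returns 1 if every byte of buf is zero, 0 otherwise (verifies a wipe). */
int secret_is_wiped(const void *buf, size_t len)
{
    const unsigned char *p = (const unsigned char *)buf;
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= p[i];
    return acc == 0;
}

/* mlock(2) works on whole pages: compute the page-aligned range covering
 * [addr, addr + len).  A per-process page budget, as proposed in the
 * thread, would be charged for this span, not for len.
 * Returns 0 on success, -1 if the arguments are unusable. */
int page_range(const void *addr, size_t len, size_t pagesize,
               uintptr_t *start, size_t *span)
{
    uintptr_t a = (uintptr_t)addr, end;
    if (len == 0 || pagesize == 0 || (pagesize & (pagesize - 1)) != 0)
        return -1;
    *start = a & ~(uintptr_t)(pagesize - 1);
    end = (a + len + pagesize - 1) & ~(uintptr_t)(pagesize - 1);
    *span = (size_t)(end - *start);
    return 0;
}

/* Pin the pages holding a secret so they are not swapped out.
 * Returns 0 on success, -1 with errno set otherwise.  An unprivileged
 * process may see EPERM (the case the thread describes) or ENOMEM once
 * its locked-memory budget is exhausted. */
int secret_lock(void *buf, size_t len)
{
    uintptr_t start;
    size_t span;
    if (page_range(buf, len, (size_t)sysconf(_SC_PAGESIZE), &start, &span) != 0) {
        errno = EINVAL;
        return -1;
    }
    return mlock((void *)start, span);
}

int secret_unlock(void *buf, size_t len)
{
    uintptr_t start;
    size_t span;
    if (page_range(buf, len, (size_t)sysconf(_SC_PAGESIZE), &start, &span) != 0) {
        errno = EINVAL;
        return -1;
    }
    return munlock((void *)start, span);
}

/* Copy a constructed passphrase (not a real credential) into a buffer,
 * lock it if the kernel allows, use it, wipe it, and only then unlock and
 * free it.  Returns 1 if the wipe left no trace, 0 otherwise.
 * *lock_errno receives 0 if locking succeeded, else the errno from mlock(). */
int handle_secret(const char *constructed_passphrase, int *lock_errno)
{
    size_t len = strlen(constructed_passphrase) + 1;
    char *buf = malloc(len);
    int wiped;
    if (buf == NULL)
        return 0;
    memcpy(buf, constructed_passphrase, len);
    *lock_errno = (secret_lock(buf, len) == 0) ? 0 : errno;
    /* ... derive a key, authenticate, etc. using buf here ... */
    secret_wipe(buf, len);
    wiped = secret_is_wiped(buf, len);
    if (*lock_errno == 0)
        secret_unlock(buf, len);   /* unlock after the wipe, never before */
    free(buf);
    return wiped;
}

int main(void)
{
    int lock_errno = 0;
    int wiped = handle_secret("correct horse battery staple (constructed)", &lock_errno);
    printf("mlock: %s; wipe verified: %s\n",
           lock_errno == 0 ? "ok" : strerror(lock_errno), wiped ? "yes" : "no");
    return wiped ? 0 : 1;
}
```

The order in `handle_secret` matters: the buffer is wiped while still locked, because munlock() before the wipe would let a live secret be paged out in the window between the two calls. On a system where unprivileged mlock() is refused, the function degrades to wiping only, which is still the minimum the first quoted message asks for.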