From: Matthew Hagerty
To: hackers@FreeBSD.ORG
Subject: Protecting data in memory
Date: Wed, 15 Jul 1998 15:33:23 -0400
Message-Id: <3.0.3.32.19980715153323.00733ab8@wolfepub.com>

Greetings,

Is there any way to protect a program's memory space from all users, even root? I am developing an encryption program that has to run as a daemon. Upon start-up the program would prompt for the key, then slip into daemon land. If the server is compromised (root access is gained) can I prevent the cracker from reading the program's memory and gaining access to the key data? As long as I can keep the key secure, the data should be safe (I'm using IDEA in chain-block mode). I'm currently writing the program in C.

If this is not possible (protecting the key), then can someone shed some light on how I can protect sensitive data on an on-line machine? I know, I know, but this data "has" to be on-line for processing that happens all day long.

Thanks,
Matthew