From: "R. B. Riddick"
To: Dan Lukes, freebsd-security@freebsd.org
Date: Mon, 19 Jun 2006 03:42:58 -0700 (PDT)
Subject: Re: memory pages nulling when releasing
Message-ID: <20060619104258.66212.qmail@web30312.mail.mud.yahoo.com>
In-Reply-To: <44967861.6070509@obluda.cz>

--- Dan Lukes wrote:
> [...] Thus, keeping sensitive informations within memory for short
> time only MAY reduce the risk level. The intruder need wait for
> information to appear in memory again - but it cost time. [...]
>

That is true - it costs time...

But if a bad guy already has root access, it does not really matter
(aa) if he has to wait for some minutes or hours, or
(bb) if he has just a small time window, or
(cc) if he can immediately start scanning for secrets in /dev/mem.

I say, in that case there is no security (it might even be possible to present the old state of the system to the outside via a modified kernel that has "very strange ideas" about the correct results of certain syscalls, and that gets activated after a spontaneous reboot due to not further specified reasons (maybe due to a power failure or a failure in the old UPS-device or a mobile phone that somebody possibly used inside the fully air-conditioned centre?; does somebody know what "dd if=/dev/zero of=/dev/mem" does?)...)...

As far as I understood the answers so far, OpenSSH and such tools are aware of that slightly increased risk, so they zero the memory areas that contained sensitive data as soon as they are not needed anymore... So everything is fine and alright... ;-)) :-))

-Arne
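
The practice mentioned at the end of the message, zeroing a buffer as soon as the secret in it is no longer needed, shown as an added C example. It is not part of the original message and is not OpenSSH's code; `secure_zero`, `secret_t`, `secret_init`, `secret_release` and `count_nonzero` are hypothetical names chosen for the illustration.

```c
/* Added illustration; every name in this file is hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Store zeros through a volatile pointer: a plain memset() right before
 * free() is a dead store that an optimizing compiler may delete. */
static void secure_zero(void *p, size_t n) {
    volatile unsigned char *vp = p;
    while (n--) *vp++ = 0;
}

typedef struct { unsigned char *data; size_t len; } secret_t;
/* Copy a secret into its own allocation; returns 0 on success, -1 on failure. */
static int secret_init(secret_t *s, const void *src, size_t len) {
    s->data = NULL; s->len = 0;
    if (src == NULL || len == 0) return -1;
    s->data = malloc(len);
    if (s->data == NULL) return -1;
    memcpy(s->data, src, len);
    s->len = len;
    return 0;
}

/* Wipe the contents, free the allocation, then clear the handle. */
static void secret_release(secret_t *s) {
    if (s->data != NULL) {
        secure_zero(s->data, s->len);
        free(s->data);
    }
    s->data = NULL; s->len = 0;
}

/* Count non-zero bytes in a buffer the caller still owns. */
static size_t count_nonzero(const void *p, size_t n) {
    const unsigned char *b = p; size_t c = 0;
    while (n--) c += (*b++ != 0);
    return c;
}

int main(void) {
    char pass[] = "constructed-sample-passphrase"; /* constructed sample input */
    secret_t s;
    if (secret_init(&s, pass, sizeof pass) != 0) return 1;
    secure_zero(pass, sizeof pass);      /* stack copy is no longer needed */
    printf("non-zero bytes left in stack copy: %zu\n", count_nonzero(pass, sizeof pass));
    secret_release(&s);                  /* heap copy is wiped before free() */
    return 0;
}
```

Where the platform provides it, `explicit_bzero(3)` or C11 `memset_s()` does the same job as `secure_zero`.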