From: Bert JW Regeer
To: Jeremy Chadwick
Cc: FreeBSD Hackers
Date: Fri, 22 Feb 2008 02:31:39 -0700
Subject: Re: memory not cleared on reboot (Was: cool feature of dmesg.boot file)
Message-Id: <689B489C-D63C-4BA4-BA13-A9429032CB8B@0x58.com>
In-Reply-To: <20080222092506.GA25704@eos.sc1.parodius.com>
References: <200802212229.40988.gizmen@blurp.pl> <200802220828.m1M8SZkj097645@lurza.secnetix.de> <20080222092506.GA25704@eos.sc1.parodius.com>
List-Id: Technical Discussions relating to FreeBSD

On Feb 22, 2008, at 02:25 , Jeremy Chadwick wrote:

> [...]
>
> Interesting tidbit: We have one production machine which when booted
> into single-user via serial console for a world install, retains all of
> the output from that single-user session even once rebooted and brought
> back into multi-user mode. This poses a substantial security risk,
> especially during the mergemaster phase (we can discuss why if anyone is
> curious).
>
> --
> | Jeremy Chadwick                                jdc at parodius.com |
> | Parodius Networking                       http://www.parodius.com/ |
> | UNIX Systems Administrator                  Mountain View, CA, USA |
> | Making life hard for others since 1977.              PGP: 4BD6C0CB |

This is more scary:

http://www.engadget.com/2008/02/21/cold-boot-disk-encryption-attack-is-shockingly-effective/

Which is the exact effect you are seeing.

Cheerio,
Bert JW Regeer