From owner-freebsd-hackers  Thu Aug 20 15:10:46 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id PAA06673
          for freebsd-hackers-outgoing; Thu, 20 Aug 1998 15:10:46 -0700 (PDT)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from smtp01.primenet.com (smtp01.primenet.com [206.165.6.131])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA06667
          for <freebsd-hackers@FreeBSD.ORG>; Thu, 20 Aug 1998 15:10:44 -0700 (PDT)
          (envelope-from tlambert@usr04.primenet.com)
Received: (from daemon@localhost)
	by smtp01.primenet.com (8.8.8/8.8.8) id PAA23817;
	Thu, 20 Aug 1998 15:10:05 -0700 (MST)
Received: from usr04.primenet.com(206.165.6.204)
 via SMTP by smtp01.primenet.com, id smtpd023797; Thu Aug 20 15:10:03 1998
Received: (from tlambert@localhost)
	by usr04.primenet.com (8.8.5/8.8.5) id PAA28020;
	Thu, 20 Aug 1998 15:10:02 -0700 (MST)
From: Terry Lambert <tlambert@primenet.com>
Message-Id: <199808202210.PAA28020@usr04.primenet.com>
Subject: Re: Trapping memory
To: matthew@wolfepub.com (Matthew Hagerty)
Date: Thu, 20 Aug 1998 22:10:02 +0000 (GMT)
Cc: freebsd-hackers@FreeBSD.ORG
In-Reply-To: <3.0.3.32.19980820101150.006c0da8@wolfepub.com> from "Matthew Hagerty" at Aug 20, 98 10:11:50 am
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Is there some way to trap or detect when some other program is trying to
> read memory used by another program?

Yes, the program attempting to do the read segfaults.

It seems your question would be better formulated as "is there any
way to ask the kernel to tell me that someone is reading my pages
out of /dev/mem"?

The answer is "no"; pages do not have credentials, only page maps,
and then only because of their association with a process.

For higher "secure levels", access to /dev/mem is denied, as is
access to /dev/kmem and the loading of kernel modules.


> For example, I have an encryption/decryption daemon that holds its key in
> memory.  I have been told that there is really no way to protect the memory
> used by the daemon in the case of a root compromise.  However, if I could
> somehow detect another program trying to access my daemon's memory space,
> then I could have the daemon dump the key and shutdown.

If root is compromised, they can relax the secure level on the next
boot.  They can also load kernel modules to disable any monitoring
they want, before  they raise the secure level and give you a false
sense of security.


> Any insight would be greatly appreciated.

Do an Altavista search on "Capabilities".

Really, there is no way to make it so that your privacy isn't at the
mercy of whoever controls your hardware.  The worst case, they can
install dual ported RAM or a RAM emulator, and merely read the data
out without impacting the OS's knowledge of whether or not this has
happened.


					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message