Date:      Thu, 20 Aug 1998 15:58:26 +0000
From:      Mike Smith <mike@smith.net.au>
To:        Matthew Hagerty <matthew@wolfepub.com>
Cc:        freebsd-hackers@FreeBSD.ORG
Subject:   Re: Trapping memory 
Message-ID:  <199808201558.PAA00613@dingo.cdrom.com>
In-Reply-To: Your message of "Thu, 20 Aug 1998 10:11:50 -0400." <3.0.3.32.19980820101150.006c0da8@wolfepub.com> 

> Is there some way to trap or detect when some other program is trying to
> read memory used by another program?

You could implement a kernel extension to provide this support.

> For example, I have an encryption/decryption daemon that holds its key in
> memory.  I have been told that there is really no way to protect the memory
> used by the daemon in the case of a root compromise.  However, if I could
> somehow detect another program trying to access my daemon's memory space,
> then I could have the daemon dump the key and shut down.
> 
> Any insight would be greatly appreciated.

A root compromise would be able to defeat the detection mechanism.

You could increase the difficulty of recovering the key slightly by 
obfuscating its storage, but protecting it completely would require 
kernel modifications which could be reversed/removed/faked around by a 
sufficiently persistent attacker.

-- 
\\  Sometimes you're ahead,       \\  Mike Smith
\\  sometimes you're behind.      \\  mike@smith.net.au
\\  The race is long, and in the  \\  msmith@freebsd.org
\\  end it's only with yourself.  \\  msmith@cdrom.com
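
One way to do the storage obfuscation suggested in the reply, as an added example that is not part of the original message: the key is held only as two XOR shares in separate heap allocations and recombined for a single operation. The names `masked_key`, `mk_store`, `mk_load` and `mk_remask` are hypothetical, and random bytes are assumed to come from `/dev/urandom`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KEY_LEN 32
/* Hypothetical holder: the key exists at rest only as two XOR shares. */
struct masked_key { uint8_t *mask, *share; };  /* separate heap blocks */

/* Zero through a volatile pointer so the compiler cannot drop the stores. */
static void wipe(void *p, size_t n) {
    volatile uint8_t *v = p;
    while (n--) *v++ = 0;
}

/* Assumption: /dev/urandom is available as the randomness source. */
static int random_bytes(uint8_t *buf, size_t n) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t got = fread(buf, 1, n, f);
    fclose(f);
    return got == n ? 0 : -1;
}

/* Split key into mask and key^mask, then destroy the caller's plaintext. */
int mk_store(struct masked_key *mk, uint8_t key[KEY_LEN]) {
    mk->mask = malloc(KEY_LEN);
    mk->share = malloc(KEY_LEN);
    if (!mk->mask || !mk->share || random_bytes(mk->mask, KEY_LEN) != 0) {
        free(mk->mask); free(mk->share);
        mk->mask = mk->share = NULL;
        return -1;
    }
    for (size_t i = 0; i < KEY_LEN; i++) mk->share[i] = key[i] ^ mk->mask[i];
    wipe(key, KEY_LEN);
    return 0;
}

/* Rebuild the key for one operation; the caller wipes out[] afterwards. */
void mk_load(const struct masked_key *mk, uint8_t out[KEY_LEN]) {
    for (size_t i = 0; i < KEY_LEN; i++) out[i] = mk->share[i] ^ mk->mask[i];
}

/* Change both shares in place without ever materialising the key. */
int mk_remask(struct masked_key *mk) {
    uint8_t r[KEY_LEN];
    if (random_bytes(r, KEY_LEN) != 0) return -1;
    for (size_t i = 0; i < KEY_LEN; i++) { mk->mask[i] ^= r[i]; mk->share[i] ^= r[i]; }
    wipe(r, KEY_LEN);
    return 0;
}
```

As the reply says, this only raises the effort needed: a process that can read both allocations still recovers the key.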


