Date:      Wed, 19 Jul 2000 08:58:51 -0600 (MDT)
From:      "David G. Andersen" <dga@POBOX.COM>
To:        sheldonh@uunet.co.za (Sheldon Hearn)
Cc:        silby@silby.com (Mike Silbersack), watchman@ludd.luth.se (Joachim Strömbergson), glewis@trc.adelaide.edu.au (Greg Lewis), freebsd-security@FreeBSD.ORG
Subject:   Re: Status of FreeBSD security work? Audit, regression and crypto swap?
Message-ID:  <200007191458.IAA08077@faith.cs.utah.edu>
In-Reply-To: <30869.963985360@axl.ops.uunet.co.za> from "Sheldon Hearn" at Jul 19, 2000 07:42:40 AM

Lo and behold, Sheldon Hearn once said:
> 
> On Tue, 18 Jul 2000 18:44:28 EST, Mike Silbersack wrote:
> 
> > Hence, one obtaining access to the swap file does have greater
> > knowledge than they would with a crypted swap.  His paper seems well
> > written, I suggest that you read it.
> 
> I read some of it.  Two things occur to me:
> 
> 1) It's close to a waste of time in the absence of crypted filesystems.
> 
> 2) The kind of access required to read the swap device usually implies a
>    much more serious issue than a crypted swap is going to help you
>    with.

  That's not really true, actually.  If someone breaks into your apartment
and snags your hard disks, they may potentially be able to get a lot more
information out of it if you have available swap.  For instance, grepping
through my swap partition last night, I noticed that the contents of some
of my xterm scrollback buffers were stored in there - that's not
information someone would be able to obtain ordinarily if you'd shut your
computer down.

> That said, it _does_ provide some kind of damage control.  It's just not
> as useful as people sometimes assume. :-)

  Few things are.  There's likely more information stored on filesystems
that people don't want lingering around even after repeated overwrites,
but swap has the potential to store things behind your back - even if you
and your programs are careful to never write them to disk.

  -Dave

-- 
work: dga@lcs.mit.edu                          me:  dga@pobox.com
      MIT Laboratory for Computer Science           http://www.angio.net/

