From: Robert Watson <robert@fledge.watson.org>
Date: Wed, 19 Jul 2000 16:55:34 -0400 (EDT)
To: Mike Silbersack
Cc: Sheldon Hearn, Joachim Strömbergson, Greg Lewis, freebsd-security@FreeBSD.ORG
Subject: Re: Status of FreeBSD security work? Audit, regression and crypto swap?

On Tue, 18 Jul 2000, Mike Silbersack wrote:

> On Tue, 18 Jul 2000, Sheldon Hearn wrote:
>
> > Is it really cool? I've always thought that crypted swap is a waste of
> > time, given the fact that access to the swap device implies far more
> > serious problems already. Now that we have a reference to Niels' paper,
> > though, we can see what his motivation for developing this was.
>
> Well, according to Niels's research, he found old passwords, passphrases,
> and many other such pieces of data sitting around in his swap file. Hence,
> one obtaining access to the swap file does have greater knowledge than
> they would with a crypted swap. His paper seems well written; I suggest
> that you read it.

I've broken systems in test environments using exploited kmem access to
extract password information from mbufs. Access to kernel memory space, be
it via persistent swap or live /dev/mem or /dev/kmem, is a big no-no from a
security perspective.

Personally, my big fear is my notebook computer. I can encrypt data on it
using command line tools, but I'd much rather see a device layer that I can
use to protect both swap and sensitive partitions. Swap could use a
randomized key, and mounting of data partitions could rely on a
user-provided key for the device layer. A crypto-fs might be more fun, but
if we have the facility to layer device access, we might as well use that
for a quicky solution. It's easy for someone to walk off with personal
computing devices -- in the office, at home, at the airport, ...

Robert N M Watson
robert@fledge.watson.org
http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services
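The device-layer design sketched in the message above (a throwaway random key for swap, a passphrase-derived key for data partitions, both below the filesystem) worked through as an added example. This is editor-supplied Python, not code from the thread or from FreeBSD; FreeBSD later shipped exactly this kind of layering as gbde(8) and then geli(8). The example uses an HMAC-SHA256 counter-mode keystream tweaked by sector number as a stand-in for a real sector cipher, and the 512-byte sector, the one-sector metadata layout, the PBKDF2 parameters and the "key-check" tag are all assumptions of the example.

```python
"""Toy encrypting block layer with two key policies (added example)."""
import hashlib
import hmac
import secrets

SECTOR = 512        # sector size assumed for this toy device
META_SECTORS = 1    # data devices reserve sector 0 for salt + key check (assumption)


def _keystream(key: bytes, sector: int, length: int) -> bytes:
    """Per-sector keystream: HMAC-SHA256 keyed by the device key, tweaked by the
    sector number, run in counter mode.  Stand-in for a real sector cipher
    (geli uses AES-XTS); chosen only because it needs no third-party library.
    The sector tweak keeps equal plaintext in two sectors from encrypting equally."""
    out = bytearray()
    for counter in range((length + 31) // 32):
        msg = sector.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class BackingStore:
    """The raw provider (swap or data slice): whoever walks off with the
    notebook gets exactly these bytes and nothing else."""

    def __init__(self, sectors: int) -> None:
        self.raw = bytearray(SECTOR * sectors)

    def read(self, n: int) -> bytes:
        return bytes(self.raw[n * SECTOR:(n + 1) * SECTOR])

    def write(self, n: int, data: bytes) -> None:
        assert len(data) == SECTOR
        self.raw[n * SECTOR:(n + 1) * SECTOR] = data


class CryptoDevice:
    """Encrypting layer stacked on a BackingStore.  The key exists only here
    (kernel memory in the real thing) and is dropped on detach."""

    def __init__(self, store: BackingStore, key: bytes, offset: int = 0) -> None:
        self.store, self.key, self.offset = store, key, offset

    def write(self, n: int, data: bytes) -> None:
        if self.key is None:
            raise RuntimeError("device detached")
        phys = n + self.offset
        data = data.ljust(SECTOR, b"\0")[:SECTOR]
        self.store.write(phys, _xor(data, _keystream(self.key, phys, SECTOR)))

    def read(self, n: int) -> bytes:
        if self.key is None:
            raise RuntimeError("device detached")
        phys = n + self.offset
        return _xor(self.store.read(phys), _keystream(self.key, phys, SECTOR))

    def detach(self) -> None:
        self.key = None


def attach_swap(store: BackingStore) -> CryptoDevice:
    """Swap policy: fresh random key on every attach, never written anywhere,
    so after a reboot nothing that was paged out is recoverable."""
    return CryptoDevice(store, secrets.token_bytes(32))


def _derive(passphrase: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)


def init_data(store: BackingStore, passphrase: str) -> None:
    """Data policy: key derived from a user passphrase plus a stored salt;
    sector 0 keeps the salt and a keyed check value so a wrong passphrase
    is refused instead of returning garbage."""
    salt = secrets.token_bytes(16)
    check = hmac.new(_derive(passphrase, salt), b"key-check", hashlib.sha256).digest()
    store.write(0, (salt + check).ljust(SECTOR, b"\0"))


def attach_data(store: BackingStore, passphrase: str) -> CryptoDevice:
    meta = store.read(0)
    salt, check = meta[:16], meta[16:48]
    key = _derive(passphrase, salt)
    tag = hmac.new(key, b"key-check", hashlib.sha256).digest()
    if not hmac.compare_digest(tag, check):
        raise ValueError("wrong passphrase")
    return CryptoDevice(store, key, offset=META_SECTORS)


def demo() -> dict:
    """Exercise both policies on constructed data; returns the properties checked."""
    secret = b"old passphrase: correct horse battery staple"   # constructed sample
    r = {}
    swap_store, swap = BackingStore(8), None
    swap = attach_swap(swap_store)
    swap.write(3, secret)
    swap.write(4, secret)
    r["swap_raw_has_no_plaintext"] = secret not in swap_store.raw
    r["swap_sector_tweak"] = swap_store.read(3) != swap_store.read(4)
    swap.detach()                                   # "reboot": old key is gone
    swap = attach_swap(swap_store)
    r["swap_unreadable_after_reboot"] = swap.read(3) != secret.ljust(SECTOR, b"\0")
    data_store = BackingStore(8)
    init_data(data_store, "hunter2")
    dev = attach_data(data_store, "hunter2")
    dev.write(5, secret)
    dev.detach()
    r["data_raw_has_no_plaintext"] = secret not in data_store.raw
    r["data_readable_with_passphrase"] = (
        attach_data(data_store, "hunter2").read(5).rstrip(b"\0") == secret)
    try:
        attach_data(data_store, "hunter3")
        r["wrong_passphrase_rejected"] = False
    except ValueError:
        r["wrong_passphrase_rejected"] = True
    return r
```

One caveat the toy makes visible: because the keystream for a sector is fixed for the life of a key, rewriting a sector with different data leaks the XOR of old and new plaintext to anyone who captured both images of the disk. That is why real block-layer encryption uses a tweakable block cipher mode (AES-XTS in geli) rather than a stream construction, and why swap benefits from a key that is regenerated every boot rather than one that persists.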