Bugtraq mailing list archives
Re: silc question - insecure memory
From: Florian Weimer <Weimer () CERT Uni-Stuttgart DE>
Date: Sat, 01 Feb 2003 14:44:56 +0100
cdowns <cdowns () angrypacket com> writes:
while screwing around tonight checking memory for the SSH2 advisory. I noticed passphrase and complete sessions from silc in memory. I dont know if this is normal for silc ( I wouldnt think it would be ) but all you need to do it is: cdowns@Vader:~$ sudo dd if=/dev/mem of=/home/cdowns/mem.dump | less ~cdowns/mem.dump then just search for you key phrase.
This is completely normal. On today's computers, you can process information unless it is stored in memory. Usually, this isn't a problem because the operating system will prevent other users from accessing such information. In some scenarios, paging to the swap area is a problem because such critical information might be stored persistently. If this is relevant in your environment, turn off swap or use an encrypted swap area. Some software (notably GnuPG) use calls to mlock() to prevent paging, but this practice is questionable: it introduces complexity which most users do not need, and according to POSIX.1-2001, mlock() does not prevent paging, but guarantees that this portion of the address space is never discarded (after it has been paged to disk, for example). -- Florian Weimer Weimer () CERT Uni-Stuttgart DE University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT fax +49-711-685-5898
Current thread:
- silc question - insecure memory cdowns (Jan 31)
- Re: silc question - insecure memory Florian Weimer (Feb 05)