Bugtraq mailing list archives

Re: silc question - insecure memory


From: Florian Weimer <Weimer () CERT Uni-Stuttgart DE>
Date: Sat, 01 Feb 2003 14:44:56 +0100

cdowns <cdowns () angrypacket com> writes:

    While screwing around tonight checking memory for the SSH2
advisory, I noticed passphrase and complete sessions from silc in
memory. I don't know if this is normal for silc (I wouldn't think it
would be) but all you need to do is:

cdowns@Vader:~$ sudo dd if=/dev/mem of=/home/cdowns/mem.dump | less ~cdowns/mem.dump

then just search for your key phrase.

This is completely normal.  On today's computers, you can process
information unless it is stored in memory.

Usually, this isn't a problem because the operating system will
prevent other users from accessing such information.  In some
scenarios, paging to the swap area is a problem because such critical
information might be stored persistently.  If this is relevant in your
environment, turn off swap or use an encrypted swap area.  Some
software (notably GnuPG) uses calls to mlock() to prevent paging, but
this practice is questionable: it introduces complexity which most
users do not need, and according to POSIX.1-2001, mlock() does not
prevent paging, but guarantees that this portion of the address space
is never discarded (after it has been paged to disk, for example).

-- 
Florian Weimer                    Weimer () CERT Uni-Stuttgart DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898

