[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Linux security issues

>Actually keeping the pass phrase out of swap space is fairly easy (although
>I havn't looked at the PGP code to see if it actually does this).
>However, the pass phrase is not the only dangerous information.
>N.B. This problem affects all virtual memory operation systems.

Not all of them.  In at least one (VMS) you can pin pages in physical 
i.e., prevent them from being written to disk.  Actually, any OS that does 
directly to user pages has that capability in the kernel; in the case of VMS
(and possibly others, I don't know) it also exists as a system service that
applications can invoke.

This solves the problem: you can pin a suitable number of pages, and put
your sensitive data buffers there.