advertisement

Weblog:   New (local) Mac OS X vulnerability : Passwords in Swap files
Subject:   Nothing new and not just Macs
Date:   2004-06-28 08:03:00
From:   timharig
This is not new and it is not just a Mac problem. This is why so many passwords, credit card numbers, etc. are found on old hard drives. The same thing happens in Windows, Unix, and any other operating system that uses virtual memory. The only problem is Macs so brilliant ideas to store passwords in a an appication so that they can be swapped to a disk although ssh and pgp/gpg key agents have a simular program. Also note that anything you type into a browser might also be swapped to the disk. If you have typed passwords, SSNs, credit card numbers into a site such as Ebay, then you need to assume that those numbers are stored on your hard disk. The only solution is to prevent trojans/crackers etc. out of your system and to make sure to wipe your disks clean before you ever discard them. Most people think that a reformat will distroy this information. The only way to insure that it is gone is to write over each sector specifically. Preferably several times using different data patterns, ie, all zeros and all ones.
Full Threads Oldest First

Showing messages 1 through 4 of 4.

  • Nitesh Dhanjani photo Nothing new and not just Macs
    2004-06-28 08:59:34  Nitesh Dhanjani | O'Reilly AuthorO'Reilly Blogger [Reply | View]

    Applications or binaries that work with passwords have the ability to use appropriate API to lock memory space holding sensitive data (as the BugTraq post says, one solution is to use mlock()) , so it is possible to prevent this. I don't care if it is not just a Mac problem, every operating system vendor should attempt to fix this. Apple is now one of them, and I hope they do something soon.
    • Nothing new and not just Macs
      2004-06-28 10:08:22  timharig [Reply | View]

      mlock() is only partially applicable. It does not prevent memory from being written to the disk during suspend for instanstance. While it can prevent the programs data from being swapped it does not nessessary prevent the entire programs memory, with stack, from being swapped.

      The only way that I know around this problem is to
      a. keep your system secure through other means
      b. turn off swapping entirely
      c. on Linux you can prevent a program from being swapped buy setting it suid which comes with other potential problems.

      Root can get the password without looking for passwords saved on the disk. False getty logins for instance.
      • Nothing new and not just Macs
        2004-06-28 10:29:02  timharig [Reply | View]

        Are passwords the only thing that you wish to mlock()? Should your browser be protected to prevent your credit card numbers from being written? What next. Your word processor because some of the files are encrypted with your passphrase or key? Will there be anything left that can be swapped out to conserve system resources?
  • [followup]Nothing new and not just Macs
    2004-06-28 08:12:13  timharig [Reply | View]

    It is of course possible to turn swapping off. At least it is under Linux: swapoff -a. That may not however be such a good thing either. There was some debate about this in lkml some time ago.
Showing messages 1 through 4 of 4.