Weblog: New (local) Mac OS X vulnerability : Passwords in Swap files
Subject: Nothing new and not just Macs
Date: 2004-06-28 08:59:34
From: niteshd

Response to: Nothing new and not just Macs

Applications or binaries that work with passwords have the ability to use appropriate API to lock memory space holding sensitive data (as the BugTraq post says, one solution is to use mlock()), so it is possible to prevent this. I don't care if it is not just a Mac problem, every operating system vendor should attempt to fix this. Apple is now one of them, and I hope they do something soon.
Showing messages 1 through 2 of 2.
-
Nothing new and not just Macs
2004-06-28 10:08:22 timharig
-
Nothing new and not just Macs
2004-06-28 10:29:02 timharig
Are passwords the only thing that you wish to mlock()? Should your browser be protected to prevent your credit card numbers from being written? What next? Your word processor, because some of the files are encrypted with your passphrase or key? Will there be anything left that can be swapped out to conserve system resources?




The only way that I know around this problem is to
a. keep your system secure through other means
b. turn off swapping entirely
c. on Linux you can prevent a program from being swapped by setting it suid, which comes with other potential problems.
Root can get the password without looking for passwords saved on the disk. False getty logins for instance.