From owner-freebsd-security Sat Dec  1 17:08:54 2001
Delivered-To: freebsd-security@freebsd.org
Received: from pkl.net (spoon.pkl.net [212.111.57.14]) by hub.freebsd.org (Postfix) with ESMTP id 83D6537B405 for ; Sat, 1 Dec 2001 17:08:51 -0800 (PST)
Received: from localhost (rik@localhost) by pkl.net (8.9.3/8.9.3) with ESMTP id BAA05670 for ; Sun, 2 Dec 2001 01:08:49 GMT
Date: Sun, 2 Dec 2001 01:08:49 +0000 (GMT)
From: freebsd-security@rikrose.net
X-Sender: rik@pkl.net
To: security@FreeBSD.ORG
Subject: Re: philosophical question...
In-Reply-To: <5.0.2.1.1.20011201171925.035156f8@popserver.sfu.ca>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, 1 Dec 2001, Colin Percival wrote:

> >Seems like an OpenBSD feature :P
> Still, I have to agree that this sounds pretty OpenBSDish... looking at
> the BSDs as a whole I'd say it would make sense for this to be added into
> OpenBSD first and ported to FreeBSD once it has proved itself.

Anyone mind if I start a discussion about encrypted swap? I know I had the
option under OpenBSD (and yes, it was on), but I still don't understand the
implications.

At the lowest level, anyone who manages to get root on the box can't screw
around with programs whose image and data have gone to swap, at least not in
a non-fatal way, assuming they don't know the seed for the random key for
that block of memory (is it even done this way? This is my guess). However,
there's still /dev/{k,}mem, etc., and I haven't put in the energy into
thinking about it, aside from noticing it was missing.

If it is deemed a vaguely sensible thing to do (by discussion on the list),
could it be added to the "list of things to do" if it isn't already?

I'm assuming the most sensible way to implement this is via a sysctl that
becomes read-only after the kernel is loaded, like hw.ata.atapi_dma.

Anyway. Uhm. Is it sensible? If not, why not? Well, there is the argument
about /dev/mem always being readable. I suppose as a security thing, this
ought to be removed too... ACLs anyone?

Well, this is far less coherent than I expected. Responses?

-- 
PGP Key: D2729A3F - Keyserver: wwwkeys.uk.pgp.net - rich at rdrose dot org
Key fingerprint = 5EB1 4C63 9FAD D87B 854C 3DED 1408 ED77 D272 9A3F
Public key also encoded with outguess on http://rikrose.net

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
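An added example, not part of this post or of any BSD kernel: a small Python model of swap encrypted under a random per-boot key, showing what the questions above hinge on. The partition holds only ciphertext, only the kernel can page data back in, the key itself sits in kernel memory (so /dev/kmem-style access still exposes it), and a reboot discards the key so leftover pages stay unreadable. The HMAC-based keystream, page size and slot layout are assumptions made for the model, not any real implementation.

```python
import hashlib
import hmac
import os

PAGE_SIZE = 4096

def keystream(key: bytes, page_no: int, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, bound to the page number so equal pages encrypt differently.
    Stand-in for the block cipher a real kernel would use; the key handling is the point."""
    out = bytearray()
    for counter in range((length + 31) // 32):
        msg = page_no.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
    return bytes(out[:length])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class EncryptedSwap:
    """Swap device whose pages are encrypted under a key made at boot and held only in kernel memory."""
    def __init__(self, pages: int) -> None:
        self.key = os.urandom(32)                 # random per-boot key, never written to disk
        self.device = [bytes(PAGE_SIZE)] * pages  # the swap partition as it sits on disk
    def swap_out(self, page_no: int, data: bytes) -> None:
        self.device[page_no] = xor(data, keystream(self.key, page_no, PAGE_SIZE))
    def swap_in(self, page_no: int) -> bytes:
        return xor(self.device[page_no], keystream(self.key, page_no, PAGE_SIZE))
    def raw_read(self, page_no: int) -> bytes:
        """What reading the swap partition directly (or a disk image) yields."""
        return self.device[page_no]
    def reboot(self) -> None:
        """Old key is gone; pages still on the device can never be decrypted again."""
        self.key = os.urandom(32)

def demo() -> dict:
    secret = b"password=hunter2".ljust(PAGE_SIZE, b"\0")  # constructed page contents
    swap = EncryptedSwap(pages=4)
    swap.swap_out(1, secret)
    swap.swap_out(2, secret)          # the same plaintext swapped out to another slot
    stolen_key = swap.key             # what reading kernel memory (/dev/kmem) would expose
    results = {
        "disk_leaks_plaintext": b"hunter2" in swap.raw_read(1),
        "equal_pages_look_equal": swap.raw_read(1) == swap.raw_read(2),
        "kernel_pages_in_correctly": swap.swap_in(1) == secret,
        "stolen_key_decrypts": xor(swap.raw_read(1), keystream(stolen_key, 1, PAGE_SIZE)) == secret,
    }
    swap.reboot()
    results["readable_after_reboot"] = swap.swap_in(1) == secret
    return results
```

The last two results are the author's two concerns in one place: encryption protects the on-disk copy and anything left after a reboot, but not against someone who can read the running kernel's memory.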