Date: Mon, 27 Aug 2001 20:54:00 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Mixtim <mixtim@mixtim.homeip.net>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: encrypted swap
Message-ID: <20010827205400.C50037@xor.obsecurity.org>
In-Reply-To: <20010827221830.A92367@mixtim.homeip.net>; from mixtim@mixtim.homeip.net on Mon, Aug 27, 2001 at 10:18:30PM -0400
References: <20010827090337.21931.qmail@web10406.mail.yahoo.com> <01082721591401.26623@i8k.babbleon.org> <20010827221830.A92367@mixtim.homeip.net>

On Mon, Aug 27, 2001 at 10:18:30PM -0400, Mixtim wrote:
> > Remember, anybody who can read swap on the live machine must have root
> > access, in which case they can read /dev/kmem, in which case,
> > encrypting swap won't protect you.
>
> They can remove your hard drive and stick it into a machine where they
> do have root. So yes, encrypted swap does protect you.

I'm not denying the usefulness or lack thereof of encrypted swap, but
you need to consider carefully exactly what your threat model is. For
example, if your attacker has physical access to the HD, they can
insert backdoor code into the OS stored on the HD to obtain full
kernel privileges no matter whether encrypted swap is enabled or not.

It's important to define the intended goals of your security policy
and then make sure they are actually achieved by the available
security features.

Kris