Date: Wed, 15 Jul 1998 15:47:46 -0500 (CDT) From: Joel Ray Holveck <joelh@gnu.org> To: matthew@wolfepub.com Cc: hackers@FreeBSD.ORG Subject: Re: Protecting data in memory Message-ID: <199807152047.PAA15101@detlev.UUCP> In-Reply-To: <3.0.3.32.19980715153323.00733ab8@wolfepub.com> (message from Matthew Hagerty on Wed, 15 Jul 1998 15:33:23 -0400) References: <3.0.3.32.19980715153323.00733ab8@wolfepub.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> Is there any way to protect a programs memory space from all users, even > root? No. root always has access to all memory space. Consider: If it were otherwise, root could just patch the kernel and gain whatever access was needed. > I am developing an encryption program that has to run as a daemon. > Upon start-up the program would prompt for the key, Right there, you have a place where an intruder, if they have sufficient time and access, can gain access to your key. An intruder who gains root access can put a shell around your program and have the key delivered by email on a silver platter come next boot. Your design, if it is supposed to be secure against root compromise, is flawed. There aren't many designs that can withstand that. By using a hardware device with its own keypad to enter the key, and have it do the processing, then you can secure against key compromise. But then what about the plaintext as it's being sent to the daemon and the device? That could still be intercepted. (However, a plaintext compromise scenario often isn't as bad as a private key compromise scenario.) > If this is not possible (protecting the key), then can someone shed > some light on how I can protect sensitive data on an on-line > machine? I know, I know, but this data "has" to be on-line for > processing that happens all day long. Sorry. The best you can do is make it difficult for an intruder to compromise your machine. Normally, putting a firewall and other normal security measures between the secured network (your LAN or part of it) and the insecure access points (the Internet or the rest of your LAN or whatever) would be called for. You mentioned that your program is doing encryption, but you never said anything about decryption. If you're only doing encryption, look at public key. (Did you say you're using IDEA? There you have it.) This will still leave you vulnerable to trojan horse attacks (which means that plaintexts going to the daemon are vulnerable), but will mean that a compromised key alone would not give the intruder the ability to restore plaintexts from previously intercepted ciphertexts. (It would, however, give forging capabilities to the recipient.) Best, joelh -- Joel Ray Holveck - joelh@gnu.org - http://www.wp.com/piquan Fourth law of programming: Anything that can go wrong wi sendmail: segmentation violation - core dumped To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807152047.PAA15101>