[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] How do I encrypt the swap (partition[s]) under SuSE 9.3 Prof ?
-----BEGIN PGP SIGNED MESSAGE-----
The Friday 2005-11-18 at 02:26 +0100, miguel gmail wrote:
> Sorry to break the thread... but, what's the point to encrypt the swap?
Thinking aloud [.....] a swap device might be readable by some users,
while the system is running. Lets see, mine has permissions:
brw-rw---- 1 root disk 3, 9 2005-10-07 02:48 /dev/hda9
so someone in group "disk" could do it (users can not read other users
memory, the kernel does not permit it). Otherwise, someone with physical
access to your PC might pull the plug at some inconvenient time, then use a
rescue CD thing to read the swap partition, that being as I said an
inconvenient time, might, for example, have the copy of an important
document that was swapped out from memory. Or [more thinking] when the
system is suspended to swap, all memory is swapped out, and then accessible
by the above method (although I don't know if a suspend to encrypted swap
works). For instance, while suspended, a normal encrypted partition
paraphrase is saved in clear in the swap, and therefore, vulnerable.
Just some ideas... perhaps there is something more.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Made with pgp4pine 1.76
-----END PGP SIGNATURE-----
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here