Bug: sensitive data written to insecure memory
Florian Weimer
fw at deneb.enyo.de
Wed Apr 4 17:30:05 CEST 2001
Werner Koch <wk at gnupg.org> writes:
> But seems that it cannot be done easly in Linux. You have to watch
> out for very masty race conditions.
This is an issue only with the simple-minded approach of swapping to
an encrypted block device. A clean integration of swap encryption in
the swapping/paging code shouldn't have this problem. This is
probably still a lot of work because usually, the implementation of
such services is scattered over several files in the Linux kernel.
[A few minutes later.] Well, I've looked at the code and it's not
very promising. The swapper code just passes the swap-in/swap-out
request via the file system/buffer cache to the block device layer.
There's no hook for an encryption/decryption routine. *sigh*
Maybe it's time to have a closer look at the Hurd.
> With a properly designed kernel these problems can be minimized.
> Not that easy with a one process kernel consisting of 2.6 million
> LOC (2.2.19) ;-)
2.2.x is not very problematic in comparison with 2.4.x, since the
latter introduces more fine-grained locking (and additional race
condition potential).
OTOH, I'm the last person claiming the Linux kernel is a maintainable
piece of software. ;-)
More information about the Gnupg-devel
mailing list