Warning messages.

Rich Derr rhd-gpg@webdesigngroup.com
Sat, 26 Jun 1999 09:48:39 -0500

#define PARANOID

On Sat, Jun 26, 1999 at 12:21:44AM +0200, Michael Roth wrote:

> When you think about it you will note that everyone who is able to get access
> with privileges to read out the paging area of the disk is also able to
> manipulate the system in all possible ways including substituting the gpg
> binary with a manipulated one.

Think outside the box. An attacker can walk into your server room and walk out with your box without breaking root. I can encrypt my filesystems so that I need to enter a key from the console to boot. I can't encrypt my swap. (I wonder if there's a Linux or BSD patch to do that? You "just" need to figure out how to find some entropy at system boot-time, then keep your key in the kernel's data space. The swap contents are worthless anyway if you lose the running system, so the key need never go near permanent storage.)

One effect of mlock() is to protect, in software, against a physical deficiency in security. I don't think there's an instrument that can read SDRAM chips through the ceramic housing, or at least not a portable unit, so RAM is one of damn few things we can consider tamper-proof.

> In my view (and many others) there is absolutely no security improvement by
> protecting memory pages from writing them to disk. As noted by someone
> else you can switch off the warning message with --no-secmem-warning.

Let's say you use gpg today and I mount a big DoS attack on your system that gets the critical page swapped out for just a second. You get the correct results, but even so you notice the attack and never fully trust the system again. But it's a system you can't take down for whatever reason.

Next month I get a hold of a root exploit for your system just before you patch it. I sneak in, take a snapshot of your swap space (and of course your files), cover my tracks and get out, never to be seen again.

Yes, in (#ifdef PARANOID\n#define theory fact\n#endif) theory any root compromise forever taints a system. The problem with not locking in the private key is that it can be compromised after gpg terminates so that a root compromise can go back in time.

I personally just turn off the warning for my everyday use, but not when it's protecting something worth enough that there are parties who *will* attempt to steal it. So I counter the view of "absolutely" no improvement. I'm happy with the current state of affairs, although I wish my preferred OS allowed non-root mlock() with an rlimit on it (which could default to 0).

#ifndef PARANOID
I'm just nitpicking.
#else
The warning is there for a reason.
#endif

Off-topic (but with obvious relevance): Linux 2.0 is widely reported as unstable without any swap space. Is it stable with a 1M ramdisk as the only swap?

-- 
Rich Derr, sysadmin
Have ssh, Will Telecommute
Web Design Group
www.webdesigngroup.com
TEL: +1 312 951 6688
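
The behavior discussed in this message, as an added example that is not part of the original post and is not GnuPG's own code: a buffer for key material is pinned with mlock(), a warning is printed when locking fails unless it is suppressed, and the buffer is wiped before it is unlocked. The names secbuf, secbuf_alloc, secbuf_wipe, secbuf_free and the quiet flag are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

/* Hypothetical names throughout; this is not GnuPG's secure-memory code. */
struct secbuf {
    unsigned char *p;   /* page-aligned storage for key material */
    size_t len;         /* size rounded up to whole pages */
    int locked;         /* 1 if mlock() pinned the pages in RAM */
};

/* Allocate want bytes and try to keep them out of swap; quiet suppresses the warning. */
static int secbuf_alloc(struct secbuf *s, size_t want, int quiet)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    s->len = (want + page - 1) / page * page;
    s->p = aligned_alloc(page, s->len);
    if (s->p == NULL) return -1;
    s->locked = (mlock(s->p, s->len) == 0);
    if (!s->locked && !quiet) {
        int err = errno;                   /* save before other calls change it */
        struct rlimit rl = {0, 0};
        getrlimit(RLIMIT_MEMLOCK, &rl);    /* per-process cap on locked bytes */
        fprintf(stderr, "warning: secret may reach swap (mlock: %s, RLIMIT_MEMLOCK=%llu)\n",
                strerror(err), (unsigned long long)rl.rlim_cur);
    }
    return 0;
}

/* Overwrite through a volatile pointer so the stores are not optimized away. */
static void secbuf_wipe(struct secbuf *s)
{
    volatile unsigned char *v = s->p;
    for (size_t i = 0; i < s->len; i++) v[i] = 0;
}

/* Wipe first, then unlock: the pages must be clean before they can be swapped. */
static void secbuf_free(struct secbuf *s)
{
    secbuf_wipe(s);
    if (s->locked) munlock(s->p, s->len);
    free(s->p);
    s->p = NULL;
}
```

When mlock() fails the buffer is still usable, which is the case the warning exists to flag: the caller decides whether to proceed with memory that may be paged out.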