Warning messages.
Pete Chown
Pete.Chown@skygate.co.uk
Mon, 28 Jun 1999 13:42:33 +0100
Michael Roth wrote:
> When you think about it you will note that everyone who is able to get access
> with privileges to read out the paging area of the disk is also able to
> manipulate the system in all possible ways including substituting the gpg
> binary with a manipulated one.
Isn't the problem that things written to the paging area can be read out
after the event? If I was raided by the secret police, there might be
something in my paging file that they could use. On the other hand, if
they gave me the machine back I would be unlikely to use it without
checking very carefully that the gpg binary (and kernel, etc.) had not
been interfered with.
What would be quite nice is a way of telling the kernel that a
particular page must be encrypted before being written to swap. If the
machine is powered off, the session key is lost and so the page is
unrecoverable. This would be better than locking a page in physical
memory because there would be no need to restrict its use. The CPU time
taken to encrypt and decrypt would be charged to the process concerned
so it would not introduce any scheduling "unfairness".
-----------------------------------------------------------------------
Pete Chown, email pc@skygate.co.uk, phone +44 (0) 181 680 8393,
fax +44 (0) 181 688 8013, mobile +44 (0) 468 765 645,
post 58 Foss Avenue, Croydon, CR0 4EU, England
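
The alternative the message compares against, locking a page in physical memory, sketched as an added example that is not part of the original post or of gpg. It assumes a POSIX system with `mlock()`; the helper names `secret_alloc` and `secret_free` are hypothetical. The `locked` flag surfaces the restriction mentioned above: the kernel may refuse the lock once the process exceeds `RLIMIT_MEMLOCK`.

```c
/* Added example: hold a secret in pages pinned out of swap (constructed demo). */
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

/* Round len up to whole pages: mmap() and mlock() work at page granularity. */
static size_t page_round(size_t len) {
    size_t ps = (size_t)sysconf(_SC_PAGESIZE);
    return (len + ps - 1) / ps * ps;
}

/* Map private zeroed pages and try to pin them in RAM.
 * *locked is 1 if mlock() succeeded, 0 if the kernel refused
 * (typically RLIMIT_MEMLOCK); in that case the pages can still be swapped. */
static void *secret_alloc(size_t len, int *locked) {
    size_t n = page_round(len);
    void *p = mmap(NULL, n, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    *locked = (mlock(p, n) == 0);
    return p;
}

/* Overwrite the secret before unlocking, so no plaintext remains in a
 * page that becomes swappable or is handed back to the kernel. */
static int secret_free(void *p, size_t len) {
    size_t n = page_round(len);
    volatile unsigned char *v = p;   /* volatile: stores are not optimised away */
    for (size_t i = 0; i < n; i++) v[i] = 0;
    munlock(p, n);
    return munmap(p, n);
}

int main(void) {
    struct rlimit rl;
    int locked = 0;
    char *key = secret_alloc(64, &locked);
    if (!key) { perror("mmap"); return 1; }
    getrlimit(RLIMIT_MEMLOCK, &rl);
    printf("RLIMIT_MEMLOCK soft limit: %llu bytes, locked=%d\n",
           (unsigned long long)rl.rlim_cur, locked);
    strcpy(key, "constructed-passphrase");   /* sample secret, not a real one */
    return secret_free(key, 64) != 0;
}
```

When `locked` comes back 0 the caller has to decide whether to continue with a swappable buffer or refuse to handle the secret at all.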