-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Again, disabling the swap partition (or placing the swap file > on an encrypted disk.. which would be hideously slow) and ensuring > the encryption program used does not write any intermediate files > to physical media is of paramount importance. It goes without > saying that other standard security practices should be followed.. > like making sure /dev/kmem is properly protected. SysV also has > a feature[1] that any one, or any program, can overlay its data > segment onto any other system, granting both read and write access. > Combined with some signal handlers and maybe an atomic operation or > two, one could easily force both the freenet software and/or the > encryption program used to divulge sensitive information. This only > underscores the need to establish the framework of a high trust > system -
If I would have to choose between disabling my swap or adding a kernel patch so all my hard disk is encrypted (including the swap partition) I would chooce the later. Maybe create an unencrypted partition for non-sensitive information and programs. - --typo -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com> iQA/AwUBOaBSzJQNRHU3kL7SEQIm/QCfamBwuqH8pKkrVgjwKN4rF5SB9t0An0aN SnMW+s8JtWJfVmvJyklwCP6b =cZSP -----END PGP SIGNATURE----- _______________________________________________ Freenet-dev mailing list Freenet-dev at lists.sourceforge.net http://lists.sourceforge.net/mailman/listinfo/freenet-dev
