On Sat, Jan 23, 2016 at 12:17 PM, Mick <michaelkintz...@gmail.com> wrote: > I would have thought SSL certificates/keys would be protected in RAM, but if > you have a Man-In-The-Browser attack I guess they wouldn't be. >
As far as I'm aware linux doesn't do anything to protect process RAM from other processes with the same UID, at least not without SELinux and such. But, I could be wrong on that. I'd expect that malware running under your uid or of course as root could read your browser's RAM. -- Rich
