On Sun, Jun 05, 2005 at 03:45:14PM -0600, Archaic wrote:
> On Sun, Jun 05, 2005 at 10:50:11PM +0200, Joachim Schipper wrote:
> >
> > Quite a few 'secure' programs take great care not to allow data to leak
> > to disk; however, only a couple also make sure it does not leak to swap.
>
> But how is a non-root user supposed to read it?

He can't (or you've got another, more serious problem, like mode 644 on
/dev/hd*) - but he can boot Knoppix, provided he has physical access.

The use of encrypting swap is not in safeguarding data that is on your
disk, obviously - it's in making sure that data that shouldn't be on the
disk isn't, or at least not in a readable way.

Quite a few programs have safeguards against direct physical access
(GnuPG's passphrases, for instance), but not against attackers snooping
the decrypted keys from swap.

Joachim
--
http://linuxfromscratch.org/mailman/listinfo/hlfs-dev
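
An added example, not part of the original message or of any program it names: how a program on Linux can keep a secret such as a decrypted key out of swap by pinning its pages with mlock() and wiping them before release. The names secret_buf, secret_alloc, secret_wipe and secret_free are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <stddef.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type for this example. */
struct secret_buf {
    void  *ptr;     /* page-aligned mapping, NULL on failure */
    size_t len;     /* mapping length, rounded up to whole pages */
    int    locked;  /* 1 if mlock() succeeded, so the pages stay out of swap */
};

/* Wipe through a volatile pointer so the compiler cannot drop the stores. */
static void secret_wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Allocate memory for a secret and pin it in RAM.
 * If require_lock is non-zero, fail closed when mlock() is refused
 * (for example RLIMIT_MEMLOCK too low) instead of returning swappable memory. */
struct secret_buf secret_alloc(size_t want, int require_lock)
{
    struct secret_buf b = { NULL, 0, 0 };
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t len = (want + page - 1) / page * page;
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return b;
    b.locked = (mlock(p, len) == 0);
    if (!b.locked && require_lock) {
        munmap(p, len);
        return b;               /* ptr stays NULL, locked stays 0 */
    }
    b.ptr = p; b.len = len;
    return b;
}

/* Zero the secret before the pages go back to the kernel. */
void secret_free(struct secret_buf *b)
{
    if (!b->ptr) return;
    secret_wipe(b->ptr, b->len);
    if (b->locked) munlock(b->ptr, b->len);
    munmap(b->ptr, b->len);
    b->ptr = NULL; b->len = 0; b->locked = 0;
}
```

Locked pages can still be written to disk when the machine suspends to disk, so this complements encrypted swap rather than replacing it.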