on Thu, Nov 30, 2000 at 07:09:02PM -0500, Chris Gray ([EMAIL PROTECTED]) wrote: > >>>>> "kmself" == kmself <kmself@ix.netcom.com> writes: > > >> The other root programs shouldn't be looking at memory other > >> than their own, or else they'd segfault. The major thing with > >> memory-locking is that the memory never gets written to disk. > > kmself> What about /proc/kcore or /dev/mem? > > You're probably right about this (IANA security expert), but these > should only be readable by root. Also, if you have a malicious root, > your private key isn't going to be all that safe anyway.
Well, on disk, your private key is secured by your passphrase (right?). Granted, various sniffers could pick this up, but only when active, not at all times. So memory access is probably an easier avenue to the same goal. Yes, ultimately, you do have to trust your system. -- Karsten M. Self <kmself@ix.netcom.com> http://www.netcom.com/~kmself Evangelist, Zelerate, Inc. http://www.zelerate.org What part of "Gestalt" don't you understand? There is no K5 cabal http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org
pgpgKAgQWwoyZ.pgp
Description: PGP signature
