cdowns <cdowns@angrypacket.com> writes:

> while screwing around tonight checking memory for the SSH2
> advisory. I noticed passphrase and complete sessions from silc in
> memory. I don't know if this is normal for silc ( I wouldn't think it
> would be ) but all you need to do it is:
>
> cdowns@Vader:~$ sudo dd if=/dev/mem of=/home/cdowns/mem.dump | less ~cdowns/mem.dump
>
> then just search for your key phrase.

This is completely normal. On today's computers, you can process
information unless it is stored in memory. Usually, this isn't a
problem because the operating system will prevent other users from
accessing such information.

In some scenarios, paging to the swap area is a problem because such
critical information might be stored persistently. If this is
relevant in your environment, turn off swap or use an encrypted swap
area.

Some software (notably GnuPG) uses calls to mlock() to prevent paging,
but this practice is questionable: it introduces complexity which most
users do not need, and according to POSIX.1-2001, mlock() does not
prevent paging, but guarantees that this portion of the address space
is never discarded (after it has been paged to disk, for example).

-- 
Florian Weimer                    Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898