Re: Use |mprotect()| to secure key data ? / was: Re: Proposal: always handle keys in separate process

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 

On 20/01/16 00:18, Roland Mainz wrote:

On Tue, Jan 19, 2016 at 11:53 PM, Ángel González<keisial@xxxxxxxxx>  wrote:

That won't work when the data was recovered because it was read inside
a stdio buffer which was not overwritten before being freed.

Why is stdio used in such a security-sensitive area anyway ? Is there
any performance impact if the code is switched to plain { |open()|,
|read()|, ... } (with sufficient wrappers for |EINTR| handling) ?


Probably not, and in fact I would favor changing it.

I was just pointing out that the private key leak was not in OpenSSH buffers,
which were properly zeroed, but from things like the use of stdio buffers.

Your proposal may be an hardening oportunity, but is not a final solution.
For that, a different process would be preferable.

Best regards



_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux