Re: encrypting swap (was Re: TEST)
On Mon, 7 Aug 2000, James Stevenson wrote:
>
> Hi
>
> one of the things that i thought was what is the point in encrypting the
> swap file under linux i do not see any benefits
> it would be slower
> no added security (/proc/kcore ?) unless the person who set the system
> up has left the swap world readable (duh) if you are root you can just
> poke around the processes memory anyway

It is mostly for things like passwds or temporarily unencrypted info that
is stored in memory. Perhaps one could argue that one needs to identify
all that info and use mlock, mlockall, and friends to prevent it from
swapping.

Otherwise things that you thought are temporary might become more
permanent... Things like your private key that was protected by a
passphrase being written in clear-text out to swap.

First rule on these temporary intermediates is to memset(buf,0,cnt) them
when done.

Second rule is to lock them down so they don't swap and/or encrypt the
swap.

Which one is more expensive performance-wise:
mlockall(MCL_CURRENT|MCL_FUTURE) or encrypted swap?

Which one is easier to audit and make sure you caught all the cases?

I think that especially with all the gui stuff that people are trying to
use that an encrypted swap would be much easier to verify correctness of.

Besides if you are really concerned about performance you shouldn't be
swapping that much if any anyway.

Kernel-audit: discussion list for security and the linux kernel
Archive: http://mail.nl.linux.org/kernel-audit/
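
The two rules from the message above (wipe temporary secrets, lock them so they cannot swap), as an added example that is not part of the original post. The names secret_buf, secret_alloc, secret_release and secure_wipe are hypothetical, and the wipe goes through a volatile pointer instead of memset because a compiler may drop a memset that immediately precedes release of the buffer.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* for MAP_ANONYMOUS on glibc */
#endif
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
typedef struct { unsigned char *buf; size_t len; int locked; } secret_buf;

/* Rule 1: zero the secret. Writing through a volatile pointer keeps the
 * stores from being removed as dead writes. */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Rule 2: map whole pages for the secret and try to pin them in RAM. */
int secret_alloc(secret_buf *s, size_t want)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    s->len = (want + page - 1) / page * page;
    s->buf = mmap(NULL, s->len, PROT_READ | PROT_WRITE,
                  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (s->buf == MAP_FAILED) return -1;
    /* mlock() can fail (RLIMIT_MEMLOCK); record it instead of ignoring it. */
    s->locked = (mlock(s->buf, s->len) == 0);
    return 0;
}

/* Wipe, verify, unlock, unmap. Returns the number of non-zero bytes left. */
int secret_release(secret_buf *s)
{
    volatile unsigned char *v = s->buf;
    int left = 0;
    secure_wipe(s->buf, s->len);
    for (size_t i = 0; i < s->len; i++) left += (v[i] != 0);
    if (s->locked) munlock(s->buf, s->len);
    munmap(s->buf, s->len);
    return left;
}

/* Constructed passphrase standing in for a decrypted key or password. */
int demo(void)
{
    secret_buf s;
    if (secret_alloc(&s, 64) != 0) return -1;
    strcpy((char *)s.buf, "constructed-passphrase");
    return secret_release(&s);     /* 0 means every byte was wiped */
}
int main(void) { return demo() != 0; }
```

If s.locked is 0 after secret_alloc, the pages can still reach swap, which is the case encrypted swap covers.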