[EMAIL PROTECTED] escreveu: >> [EMAIL PROTECTED] writes: >> >> > My suggestion is to overwrite memory like 3 times if a programm free's >> the >> > memory or if a reboot is commanded via the shell. Of course this harms >> > "old" boxes but it's still btter then loosing your SSH-Key or whatever >> > resists in your ram. >> >> If someone has physical control of your machine while it is active you >> have zero security. Doing a memory overwrite in the background is not >> going to help. Accept that. >> >> If I can remove the case to get access to the memory to freeze it before >> chopping power I can also attach bus analyzers that watch and log every >> memory access. If I've a log of what was written to memory wiping the >> actual memory later does NOT help. > > Not at all! RAM keeps the information partly for MINUTES! It not a real > race condition or so... it's about physics and electricity. > And you're right abotu the Bug analyzer but that's a pretty uncommon > devices. I think it's a lot easier to get the RAM and analyze it then to > use a Busanalyzer. > NOt everybody owns a Bus analyzer but mostly anybody owns a MB compatible > to your memory modules... > > Think about bigger netroks! You do know ANY devices wich has NO ram? > Even a simple client-PC wich boots via network has ram. And in > universities or so with about 129k users you just can't ensure that NOBODY > turns off the PC, gets the RAM, reads ya SSH key and turns the PC on again > (just in case you might used it before this brave student..)... > > You could do this in like 10minutes (max!). > > If you keep in mind that if you break into a bank the cops have a time > window of about 15 minutes what do you seriously exspect in universities? > A swat-team in every pc pool? :-/ > > And a university is just one example. Another is a central manadged global > opperating company where you just can't watch the VPN router or whatever > 24/7 and where it's common that at least one provider has any issues a > month. > > Of course the problem can't get solved with a 2-line patch or so. > But it could be a good start if critical applications like ssh-agent or so > would overwrite the memory they used (if no lib* change is planed). > > As I said already from my point of view a modified free() may would solve > the issue (and it would be transparent to ANY software) or a change in the > kernel. > > Kind regards, > Sebastian > > I believe this isn't as good as it sounds. Because the thief won't steal the laptop while you are using, or give the chance for it to nicely power down and overwrite the memory. He/She will simply turn directly off the computer and read the memory. This feature on openbsd would be nice from the paranoid point of view. But will be waste of code in my opinion. Even if it's simple (which i guess isn't very simple).
My 2 cents, -- Giancarlo Razzolini Linux User 172199 Red Hat Certified Engineer no:804006389722501 Moleque Sem Conteudo Numero #002 Slackware Current OpenBSD Stable Ubuntu 7.04 Feisty Fawn Snike Tecnologia em Informatica 4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85 [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
