tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

kernel tty buffers and "cold-boot attacks"

When I checked the pam-pwauth_suid module for information
leaks I found that kernel buffers used for IPC keep
sensitive information for longer time too.
Most notably tty buffers, because raw tty devices
are used normally to enter passwords.
In this case, since tty input is processed character by
character anyway, it would not cost much to clear the
buffer out after the reader got the data.
Do you think this is OK?

This could be taken much further, but for sockets we have
encrypted protocols. Remain pipes... don't know whether
something should be done here. Would be easy in

best regards

Forschungszentrum Juelich GmbH
52425 Juelich

Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzende des Aufsichtsrats: MinDir'in Baerbel Brumme-Bothe
Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender),
Dr. Ulrich Krafft (stellv. Vorsitzender), Prof. Dr. Harald Bolt,
Dr. Sebastian M. Schmidt
# old_revision [3b62b39eb19047f96c6d90116b21dd2a273dccbc]
# patch "sys/kern/tty_subr.c"
#  from [88d0d72a2e267929607be27be5ef704c1303d874]
#    to [c10c1d8f922303e7235c65e8f531624242bd894d]
--- sys/kern/tty_subr.c 88d0d72a2e267929607be27be5ef704c1303d874
+++ sys/kern/tty_subr.c c10c1d8f922303e7235c65e8f531624242bd894d
@@ -129,6 +129,7 @@ getc(struct clist *clp)
                        c |= TTY_QUOTE;
+       *clp->c_cf = 0;
        if (++clp->c_cf == clp->c_ce)
                clp->c_cf = clp->c_cs;
        if (--clp->c_cc == 0)

Home | Main Index | Thread Index | Old Index