tech-kern archive


Re: kernel tty buffers and "cold-boot attacks"



Matthias Drochner <M.Drochner%fz-juelich.de@localhost> writes:
> When I checked the pam-pwauth_suid module for information
> leaks I found that kernel buffers used for IPC keep
> sensitive information for a longer time too.
> Most notably tty buffers, because raw tty devices
> are used normally to enter passwords.
> In this case, since tty input is processed character by
> character anyway, it would not cost much to clear the
> buffer out after the reader got the data.
> Do you think this is OK?
>
> This could be taken much further, but for sockets we have
> encrypted protocols. Remain pipes... don't know whether
> something should be done here. Would be easy in
> the !PIPE_SOCKETPAIR case.

I think it is a good idea. In addition...

There was a good paper at Usenix Security a few years ago about a tool
called "taint bochs":

http://www.stanford.edu/~blp/papers/taint.pdf

It might be worth running it over NetBSD to find other places such
data hides.

Perry
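
The following is an added example, not part of the original messages and not NetBSD's tty code: a minimal character queue that scrubs each slot as the reader takes the byte, as proposed in the quoted text, and also scrubs on flush, since discarded input never passes through the read path. The `ringbuf` type, the `rb_*` function names, and `RB_SIZE` are hypothetical.

```c
#include <stddef.h>

#define RB_SIZE 64 /* hypothetical queue size */
struct ringbuf {
    unsigned char data[RB_SIZE];
    size_t head;  /* index of next byte to read */
    size_t count; /* bytes currently queued */
};

/* Queue one input byte; returns 0, or -1 if the queue is full. */
int rb_putc(struct ringbuf *rb, unsigned char c)
{
    if (rb->count == RB_SIZE)
        return -1;
    rb->data[(rb->head + rb->count) % RB_SIZE] = c;
    rb->count++;
    return 0;
}

/* Hand one byte to the reader and scrub its slot; -1 if empty. */
int rb_getc(struct ringbuf *rb)
{
    /* volatile: the compiler may not drop the "dead" zeroing store */
    volatile unsigned char *slot = &rb->data[rb->head];
    int c;
    if (rb->count == 0)
        return -1;
    c = *slot;
    *slot = 0;
    rb->head = (rb->head + 1) % RB_SIZE;
    rb->count--;
    return c;
}

/* Discarded input never reaches a reader, so flush must scrub too. */
void rb_flush(struct ringbuf *rb)
{
    while (rb_getc(rb) != -1)
        continue;
}

/* Nonzero bytes left in storage: what a memory image would show. */
size_t rb_residue(const struct ringbuf *rb)
{
    size_t i, n = 0;
    for (i = 0; i < RB_SIZE; i++)
        n += (rb->data[i] != 0);
    return n;
}
```

The per-byte cost is one extra store on a path that already touches the slot, which matches the observation that character-at-a-time tty input makes the scrub cheap.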