Re: kernel tty buffers and "cold-boot attacks"

Matthias Drochner writes:
> When I checked the pam-pwauth_suid module for information
> leaks I found that kernel buffers used for IPC keep
> sensitive information for a longer time too.
> Most notably tty buffers, because raw tty devices
> are used normally to enter passwords.
> In this case, since tty input is processed character by
> character anyway, it would not cost much to clear the
> buffer out after the reader got the data.
> Do you think this is OK?
> This could be taken much further, but for sockets we have
> encrypted protocols. Remain pipes... don't know whether
> something should be done here. Would be easy in
> the !PIPE_SOCKETPAIR case.

I think it is a good idea. In addition...

There was a good paper at Usenix Security a few years ago about a tool
called "taint bochs":

It might be worth running it over NetBSD to find other places such
data hides.
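
The idea raised in the quoted message, clearing tty input from the buffer once the reader has the data, sketched as an added example that is not part of the original thread and is not NetBSD's tty code. It is a simplified user-space ring buffer with hypothetical names (`inq`, `inq_put`, `inq_read`, `inq_residue`); the read path zeroes each slot right after copying it out, so nothing consumed remains in the backing store.

```c
#include <stddef.h>

#define INQ_SIZE 16             /* constructed size; small so wraparound is exercised */

struct inq {
    unsigned char data[INQ_SIZE];
    size_t head;                /* next slot to write */
    size_t tail;                /* next slot to read */
    size_t count;               /* bytes currently queued */
};

/* Queue input bytes; returns how many fit. */
size_t inq_put(struct inq *q, const void *src, size_t n)
{
    const unsigned char *s = src;
    size_t i;
    for (i = 0; i < n && q->count < INQ_SIZE; i++) {
        q->data[q->head] = s[i];
        q->head = (q->head + 1) % INQ_SIZE;
        q->count++;
    }
    return i;
}

/* Copy up to n bytes to the reader, clearing each slot as it is consumed. */
size_t inq_read(struct inq *q, void *dst, size_t n)
{
    unsigned char *d = dst;
    size_t i;
    for (i = 0; i < n && q->count > 0; i++) {
        d[i] = q->data[q->tail];
        /* volatile store: the compiler may not discard it as a dead write */
        *(volatile unsigned char *)&q->data[q->tail] = 0;
        q->tail = (q->tail + 1) % INQ_SIZE;
        q->count--;
    }
    return i;
}

/* Count nonzero bytes left in the backing store (what a memory dump would show). */
size_t inq_residue(const struct inq *q)
{
    size_t i, n = 0;
    for (i = 0; i < INQ_SIZE; i++)
        n += q->data[i] != 0;
    return n;
}
```

The reader's own copy (`dst`) still holds the data and has to be cleared by the consumer once it is done with it.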


