Subject: Re: What's in my swap
To: Geert Hendrickx <ghen@NetBSD.org>
From: Bill Studenmund <wrstuden@netbsd.org>
List: current-users
Date: 08/02/2006 15:24:20

On Wed, Aug 02, 2006 at 12:31:16PM +0200, Geert Hendrickx wrote:
> On Wed, Aug 02, 2006 at 05:39:46PM +0800, Joseph A. Dacuma wrote:
> > >
> > > Indeed.  What you see is what has ever been in swap but has not been
> > > overwritten yet.
> > >
> > > What frightened me is that this command worked for my regular non-root
> > > user as well, because it's in the "operator" group.  I have all console
> > > users in the operator group so they can use the shutdown(8) command,
> > > mount floppy and CD-ROM devices, ..., but this now seems to be a
> > > security issue.
> > >
> > > 	Geert
> > >
> > Hi Mr. Hendrickx!
> >
> > Thanks for your reply. It's scary, especially for sites requiring ultra
> > secure implementations. Good thing there is CGD. :)
>
> You should understand what CGD protects you from and what not.  CGD will
> make it impossible for someone who steals your hard disk to read the
> contents of encrypted partitions/filesystems.  However your own kernel must
> know how to read it and once it's configured with the proper key (through
> cgdconfig or automatically at boot-time), operator-users can read the
> contents of the /dev/cgd0* devices as if they were ordinary disk devices,
> since those are also group-readable for the operator group.  So CGD will
> not solve this particular problem.

Actually, you are not correct. Check out the "randomkey" and "urandomkey"
key generation methods. They are specifically designed to work with things
like swap.

Take care,

Bill
