Re: kernel tty buffers and "cold-boot attacks"

To: "Perry E. Metzger" <perry%piermont.com@localhost>
Subject: Re: kernel tty buffers and "cold-boot attacks"
From: Matthias Drochner <M.Drochner%fz-juelich.de@localhost>
Date: Wed, 16 Jul 2008 20:08:25 +0200

perry%piermont.com@localhost said:
> There was a good paper at Usenix Security a few years ago about a tool
> called "taint bochs"

Thanks -- interesting... I just don't have time for such
research atm.
With the tty buffer cleaning and a minor fix to openpam
I'm at a point where I don't find traces of plaintext passwords
by "dd if=/dev/mem of=dump; strings dump|grep ..." anymore.
This depends on page reuse patterns of course and pageidlezero,
but at least one can check individual programs and subsystems
now without being obstructed by a poor SNR.

best regards
Matthias




-------------------------------------------------------------------
-------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich

Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzende des Aufsichtsrats: MinDir'in Baerbel Brumme-Bothe
Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender),
Dr. Ulrich Krafft (stellv. Vorsitzender), Prof. Dr. Harald Bolt,
Dr. Sebastian M. Schmidt
-------------------------------------------------------------------
-------------------------------------------------------------------

References:
- kernel tty buffers and "cold-boot attacks"
  - From: Matthias Drochner
- Re: kernel tty buffers and "cold-boot attacks"
  - From: Perry E. Metzger

Prev by Date: Re: Subfile GSoC Mid-Checkpoint Status
Next by Date: Re: inode open
Previous by Thread: Re: kernel tty buffers and "cold-boot attacks"
Next by Thread: GSoC report: GNU/Hurd translators
Indexes:

Home | Main Index | Thread Index | Old Index