Re: mlock(1)

From: Andrea Arcangeli
Date: Mon Sep 27 2004 - 09:21:16 EST

Next message: Theodore Ts'o: "Re: [PROPOSAL/PATCH] Fortuna PRNG in /dev/random"
Previous message: James Bottomley: "Re: [RFC]transient transport error report for LLD timeout"
In reply to: Wolfgang Walter: "Re: mlock(1)"
Next in thread: Stefan Seyfried: "Re: mlock(1)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Sep 27, 2004 at 08:16:43AM +0200, Stefan Seyfried wrote:
> Andrea Arcangeli wrote:
>
> > random keys are exactly fine, but only for the swap usage on a desktop
> > machine (the one I mentioned above, where the user will not be asked for
> > a password), but it's not ok for suspend/resume, suspend/resume needs
> > a regular password asked to the user both at suspend time and at resume
> > time.
>
> Why not ask on every boot? (and yes, the passphrase could be stored on a
> fixed disk location - hashed with a function of sufficient complexity
> and number of bits, just to warn the user if he does a typo, couldn't
> it?). If suspend is working, you basically never reboot. So why ask on
> suspend _and_ resume? This also solves the "suspend on lid close" issue.

because I never use suspend/resume on my desktop, I never shutdown my
desktop. I don't see why should I spend time typing a password when
there's no need to. Every single guy out there will complain at linux
hanging during boot asking for password before reaching kdm.

I figured out how to make the swap encryption completely transparent to
userspace, and even to swap suspend, so I think it's much better than
having userspace asking the user for a password, or userspace choosing a
random password.

> And a resume is - in the beginning - a boot, so just ask early enough
> (maybe the bootloader could do this?)

yes, but the bootloader passes the paramters via /proc/cmdline, and it's
not nice to show the password in cleartext there.

So I think it'd generally safer to have the kernel asking for a password
during resume.

You're right that if we'd be asking users for a password at every
swapon, we wouldn't need to ask the password during suspend, but then
every single machine would hang during boot asking for a password, I
much prefer the machine to hang in suspend and resume only and it looks
much nicer to do all swap encryption completely transparent to userspace.

Userspace/yast will only know how to turn it on/off via a sysctl.

userspace may also want to learn about suspend/resume encryption.

Keep in mind the password cannot be stored on the harddisk, or it would
be trivial to find it for an attacker stoling the laptop.

suspend/resume is just unusable for me on the laptop until we fix the
crypto issues.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Theodore Ts'o: "Re: [PROPOSAL/PATCH] Fortuna PRNG in /dev/random"
Previous message: James Bottomley: "Re: [RFC]transient transport error report for LLD timeout"
In reply to: Wolfgang Walter: "Re: mlock(1)"
Next in thread: Stefan Seyfried: "Re: mlock(1)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]