Re: mlock(1)

From: Nigel Cunningham
Date: Tue Sep 28 2004 - 17:19:50 EST

Next message: Robert Love: "Re: [RFC][PATCH] inotify 0.10.0"
Previous message: Robert Love: "Re: [patch] inotify: use the idr layer"
In reply to: Andrea Arcangeli: "Re: mlock(1)"
Next in thread: Alan Cox: "Re: mlock(1)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi.

On Tue, 2004-09-28 at 08:43, Andrea Arcangeli wrote:
> On Tue, Sep 28, 2004 at 08:22:41AM +1000, Nigel Cunningham wrote:
> > > I figured out how to make the swap encryption completely transparent to
> > > userspace, and even to swap suspend, so I think it's much better than
> > > having userspace asking the user for a password, or userspace choosing a
> > > random password.
> >
> But why did you quote the above? for cryptoswap it cannot work, for
> cryptoswap there's no reason to ever ask the user to anything and it
> must read and write all the time anyways, it's not like suspend
> write-only and resume read-only, a problem where public/private
> encryption can fit.

I think I was a bit confused. Sorry.

> > > yes, but the bootloader passes the paramters via /proc/cmdline, and it's
> > > not nice to show the password in cleartext there.
> >
> > If this password is only needed when resuming, that's not an issue
> > because the command line given when resuming will be lost when the
> > original kernel data is copied back.
>
> my point is that you would not be allowed to give anyone ssh access to
> your machine (assuming you trust local security). If he gets ssh access,
> then he could as well stole the laptop and read the encrypted data.

Don't follow, sorry. Perhaps I'm being thick!

> But if calling set_fs(KERNEL_DS); sys_read(0) sounds troublesome, you
> could also erase the password from the cmdline, and you would still
> pass the passphrase via bootloader. I'd recommend not to make it visible
> to userspace.
>
> > There's already compression support. It's simpler to reverse, of course,
> > but it doesn't help?
>
> that should be trivial to reverse, no?

Yes, it would be.

Regards,

Nigel
--
Nigel Cunningham
Pastoral Worker
Christian Reformed Church of Tuggeranong
PO Box 1004, Tuggeranong, ACT 2901

Many today claim to be tolerant. True tolerance, however, can cope with others
being intolerant.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Robert Love: "Re: [RFC][PATCH] inotify 0.10.0"
Previous message: Robert Love: "Re: [patch] inotify: use the idr layer"
In reply to: Andrea Arcangeli: "Re: mlock(1)"
Next in thread: Alan Cox: "Re: mlock(1)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]