Re: [swsusp] encrypt suspend data for easy wiping

From: Pavel Machek
Date: Tue Jul 26 2005 - 18:18:32 EST

Next message: Alan Cox: "Re: Obsolete files in 2.6 tree"
Previous message: Randy Dunlap: "Re: [PATCH 2.6.12 1/1] docs: updated some code docs"
In reply to: Matt Mackall: "Re: [swsusp] encrypt suspend data for easy wiping"
Next in thread: Matt Mackall: "Re: [swsusp] encrypt suspend data for easy wiping"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi!

> > Well, "how long are my keys going to stay in swap after
> > swsusp"... that's pretty scary.
>
> Either they're likely in RAM _anyway_ and are thus already trivially
> accessible to the attacker (for things like dm_crypt or IPSEC or
> ssh-agent), or the application took care to zero them out, or the
> application has a security bug.
>
> There are about 4 attack cases, in order of likelihood:
>
> 1) An attacker steals your suspended laptop. He has access to all your
> suspended data. This patch gets us exactly nothing.

Wrong. Without this Andreas' patch, he'll get access to your
half-a-year-old GPG passphrases, too.

> 2) An attacker breaks into your machine remotely while you're using
> it. He has access to all your RAM, which if you're actually using it,
> very likely including the same IPSEC, dm_crypt, and ssh-agent keys as
> are saved on suspend. Further, he can trivially capture your
> keystrokes and thus capture any keys you use from that point forward.
> This patch gets us very close to nothing.
>
> 3) An attacker steals your unsuspended laptop. He has access to all
> your RAM, which in all likelihood includes your IPSEC, dm_crypt, and
> ssh-agent keys. Odds are good that he invokes swsusp by closing the
> laptop. This patch gets us very close to nothing.
>
> 4) You suspend your laptop between typing your GPG key password and
> hitting enter, thus leaving your password in memory when it would
> otherwise be cleared. Then you resume your laptop and hit enter, thus
> clearing the password from RAM but leaving it on the suspend
> partition. Then an attacker steals your machine (without re-suspending
> it!) and manages to recover the swsusp image which contains the

Why without resuspending it? Position of critical data in swap is
pretty much random.

What I'm worried is: attacker steals your laptop after you were using
swsusp for half a year. Now your swap partition contains random pieces
of GPG keys you were using for last half a year. That's bad.

Current GPG keys can be found in RAM; unfortunately your swap
partition can contain current and old GPG keys that were never
supposed to be on disk. That's bad and I think we can agree on
that. Andreas's patch solves it; if it was not supposed to go on disk,
it will be erased after you resume. You can not do much better.

It is equivalent of clearing swsusp data from swap after resume, just
implemented somewhat clever...
Pavel
--
teflon -- maybe it is a trademark, but it should not be.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Cox: "Re: Obsolete files in 2.6 tree"
Previous message: Randy Dunlap: "Re: [PATCH 2.6.12 1/1] docs: updated some code docs"
In reply to: Matt Mackall: "Re: [swsusp] encrypt suspend data for easy wiping"
Next in thread: Matt Mackall: "Re: [swsusp] encrypt suspend data for easy wiping"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]