Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

How to disable virtual memory / swap files System
Mac OS X 10.x -> 10.3.x versions all write plain test data to virtual memory swap files stored at /private/var/vm/ in the format: swapfile0, swapfile1, etc. Research has shown that swap files can contain passwords from File Vault, login and KeyChain - nullifying the protection they provide. Access to swapfiles can be made through admin access or via startup from an external drive, another partition, OS X or other startup CD. Full open firmware protection will not protect your computer from this if the attacker has physical access to the computer it can be quickly bypassed. Swap files are erased unsecurely at startup, and will leave traces of data over the entire start-up disk/partition.

The Solution: For those of you that are paranoid or require a more secure system environment, the solution is turn swap off entirely. This will slow down your machine when doing processor-intensive tasks, but otherwise should be fine.

[robg adds: I haven't tested this one, and I think it may have an impact during memory-intensive tasks, not necessarily processor-intensive tasks as written above. Swap is an integral part of OS X, and I do not recommend disabling it. For instance, if you use up all available physical RAM, what happens when there's no swap available? Perhaps someone can chime in in the comments, but I believe your machine could lock up. Once again, I don't recommend doing this, but if you'd like to know how, read the rest of the hint.]

How To:
  1. Open Terminal in the Applications -> Utilities folder. Type the following, hitting Return after each command.

    cd /etc -- this brings you to the file you want to work with
    sudo cp /etc/rc /etc/rc.orig -- this makes a copy of the file etc/rc called etc/rc.orig; enter administrative password when asked.
    sudo pico /etc/rc -- this brings you into a text editing program to edit the file; enter administrative password when asked.

  2. Use the arrow keys to go down until you see one of these lines:
    • In osx 10.3.x: dynamic_pager -F ${swapdir}/swapfile
    • In osx 10.2.x: dynamic_pager -H 40000000 -L 160000000 -S 80000000 -F ${swapdir}/swapfile


  3. Type # at the beggining of the dynamic pager line. HIt Control-X to save file then answer Y and hit Return.

  4. Type exit -- this logs you out of the Terminal session.

  5. Now delete the old swap files securely. In osx 10.3.x, type sudo srm /private/var/vm/swapfile*. In osx 10.2.x, you should use a security application such as PGP to securely delete any remaining swap files located in /private/var/vm/. The swap files are named: swapfile*

  6. Restart your computer and check to make sure swap is off. Start terminal and type ls -al /private/var/vm/ -- this lists the contents of /private/var/vm/. You should see no files named: swapfile*

  7. Wipe free space on your startup disk or partition, as swap files will leak information to all areas of free space. iWipe is a shareware application () that will wipe free space. iWipe in demo mode will wipe free space. bcwipe (download and compile from source, or install via Fink) can also be used to wipe free space on any disk or partition. Open Terminal and type bcwipe -F /volumes/YOUR_VOLUME/.
References:

Original BugTraq posts (1, 2) describing the security problems and how to exploit them.
Info on moving swap and how swap works

Disclaimer: I have no connections to Apple, Jetico or Freshly Squeezed Software. Turning your swap off may cause problems when trying to do functions that require large amounts of memory, resulting in your system freezing.
    •    
  • Currently 3.14 / 5
  You rated: 4 / 5 (7 votes cast)
 
[80,059 views]  

How to disable virtual memory / swap files | 21 comments | Create New Account
Click here to return to the 'How to disable virtual memory / swap files' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Warning
Authored by: paulio on Aug 12, '04 11:15:15AM

Disabling VM will cause problems.

Don't do it unless you know exactly what you are doing.



[ Reply to This | # ]
How to disable virtual memory / swap files
Authored by: jcenters on Aug 12, '04 11:31:02AM

Couldn't you just edit the rc script to securely delete the swapfiles at startup? This seems like it help close a big part of the security hole without borking the system.



[ Reply to This | # ]
How to disable virtual memory / swap files
Authored by: darkhalf on Aug 12, '04 07:32:03PM

It would only be removed at boot and get rebuilt with use. The entire time the machine is powered off, it is still vulnerable as long as you don't let the machine get to the point of running the rc.

It would be more wise to wipe it at halt. But that wouldn't stop the fact that it's plain insecure while you're using it.



[ Reply to This | # ]
How to disable virtual memory / swap files
Authored by: Elian on Aug 12, '04 11:45:49AM

If you disable virtual memory all that happens is your system will run out of memory for processes quicker. (The same thing happens if you leave VM enabled but run out of disk space for swap files) Processes that request memory won't get it, and may or may not do something sensible as a result.

Since running out of memory tends to be an unusual occurrence, many programs don't deal with it at all well, and may behave erratically or just plain die. Even programs that do deal with it properly may die, since that may be the only sane thing to do in an out-of-memory situation.

This will cause you problems if, for example, one of the system processes (like the window manager) needs more memory and can't get it--you may well find your login session dies.

I really wouldn't do this unless you actually need to test what happens when the system runs out of memory (like if you're stress-testing an application you're writing)



[ Reply to This | # ]
How to disable virtual memory / swap files
Authored by: Auricchio on Aug 12, '04 01:02:29PM

Turning off swap, as others have suggested, is such an extreme move as to be dangerous. The system will eventually die a sudden and perhaps horrible death.

Using "srm" instead of "rm" in the rc file makes the most sense, as suggested above. The swap files will be securely deleted.

As for physical access and security, this has always been known. If someone has physical access to a computer, they can gain access. This is why the military developed the Tempest enclosure; it prevents physical access to all but the keyboard and mouse.

---
EMOJO: mojo no longer workin'



[ Reply to This | # ]
Tempest is for NON-physical access
Authored by: dhrakar on Aug 12, '04 02:15:48PM

Almost :-)

Tempest-rated enclosures are designed to keep out non-physical access to your system. That is, they prevent someone from being able to intercept the RF signals put out by your system by having really tight sheilding. The reason that this is a problem is that sophisticated snoopers can 'see' what you are doing on your system by analyzing the RF it puts out.

As far as the military is concerned, keeping a handle on physical access is what twitchy 18yr olds with M16s are for :-)



[ Reply to This | # ]
horrible death... :) and security for all!
Authored by: hard-mac on Aug 12, '04 07:59:39PM

Your system will not die a horrible death.

I have tested using No vm swap on numerous systems for several weeks now. At worst you may get a beach ball when you try and open many many things at once.... It depends on how much RAM your machine has.

As I said in the above hint this is for people who require more security than the current level of OSX default installation. For those who can not tolerate the fact that their Login and FileVault and Keychain passwords re there for the easy pickings to anyone that can has physical access to there machine or who roots it through a remote exploit!

Cheers,
Thomas

---
-------------------------------------
Hardening Your Macintosh
http://members.lycos.co.uk/hardapple/



[ Reply to This | # ]
horrible death... :) and security for all!
Authored by: GaelicWizard on Aug 12, '04 11:51:53PM

Your fantasy of security is slightly off centre.

"at worse" you system will die. If the window server cannot malloc memory, then it will freeze. Once it has froze, you can ssh in and start killing things to free memory, but then you lose unsaved work. If you can't free enough to un-freeze the window server, then its dead.

If someone roots your machine through some yet-to-be-discovered remote exploit that you have left on your machine even after a patch is released (which would happen within days), then they have access to the kernel and can grab passwords from memory, forget the swap file.

If someone has root, then you're screwed. If your fantasy of keeping passwords off disk makes you feel special, then by all means go for it, it will only prevent you from working efficiently. Recommending that others do it is irresponsible.

I have tried the grepping for password trick and it is particularly disturbing that my password showed up a dozen times, since then I have made sure that my login password and the root (if you make the mistake to enable root) password are different from all my other passwords and have discovered that I am unable to find my password in memory. I do not know if this is sufficient proof that this "hole" is not as bad as you pretend, but it is does mean that there is almost no way for someone to crack my passwords, assuming that they can somehow get root to see my swap files anyway.

Of course, it is ridiculously easy to extract passwords from /etc/passwd, netinfo, and even panther's shadow-hash, if you have root. Go check out John the Ripper, it might bother you sufficiently to go delete your hard drive to make sure your passwords are safe.

JP

---
Pell



[ Reply to This | # ]
How to disable virtual memory / swap files
Authored by: Auricchio on Aug 12, '04 05:25:53PM

Sorry about that. I was under the impression it was for physical access. They have other enclosures that keep people away from switches, connectors, floppy drives, etc.

---
EMOJO: mojo no longer workin'



[ Reply to This | # ]
This is why...
Authored by: TrumpetPower! on Aug 12, '04 05:48:11PM

This is why OpenBSD encrypts its swap. One can hope that Apple will at least offer the option to encrypt swap at some point in the future.

OS X is great, but I wish it were based on OpenBSD, not FreeBSD....

Cheers,

b&



[ Reply to This | # ]
In the meantime you can use PGP disk
Authored by: hamarkus on Aug 12, '04 06:19:43PM

About a month ago there was a discussion on macintouch.com about security implications of the non-encrypted swap files (search the NEWS pages for swap AND encrypt).

There people recommended using PGP disk (instead of FileVault if I understood it correctly). It is erasing all pass phrases from memory directly after using them which should prevent them from ending up in a swap file.
http://www.pgp.com/products/desktop/comparison.html



[ Reply to This | # ]
PGP disk works great but.....
Authored by: hard-mac on Aug 12, '04 07:51:50PM

While PGP disk works great and I definately reccomnend it as a better replacement to those using FileVault (swap on or not). Using PGP Vault does still not adress all the other security concerns with using vm swap. Keychain login passwords and more are all written to swap plain text.

As I said above, this hint is for those people who need a higher level of security and is not for everyone.

---
-------------------------------------
Hardening Your Macintosh
http://members.lycos.co.uk/hardapple/



[ Reply to This | # ]
This is why...
Authored by: watersb on Aug 13, '04 06:59:24PM

Based on OpenBSD would not make sense for the Mac -- the whole point of OpenBSD is the code review process. So Apple could have their stuff submitted to OpenBSD's code review, but then ALL of their stuff would have to be open-source, and they would have to pull out Aqua etc. etc. etc... until such time as the review was completed. Bah!

To make matters worse, OpenBSD's disk encryption is weaker than the GEOM-based disk encryption in FreeBSD 5.x or the loop-aes in Linux. I can't comment on FileVault's strength because Apple won't show source code for it.

Probably there are errors in the application of encryption in FileVault just like all the others.

Proper use of encryption for disks is hard.



[ Reply to This | # ]
How to disable virtual memory / swap files
Authored by: Arif on Aug 12, '04 09:29:35PM

But encrypting the swap files will surely slow down the perfomance of our memory considerably.

I know its a pain, but this is a tricky topic.

besides, the only way you would be vunerable is if:

1) you had someone intending to hack your computer
2) the hacker had a knowladge of macintosh computers
3) you left your computer unattended, while logged in as admin

remotely, there is fat chance of getting at the swapfile as to view it you would need the admin password, and if he/she has it, then why the hell are they trying to view it in the first place!?



[ Reply to This | # ]
How to disable virtual memory / swap files
Authored by: GaelicWizard on Aug 12, '04 11:51:43PM

Actually, the symmetric cypher used by OpenBSD to encrypt the swap file is faster than the disk access so there is no performance degradation at all (except under ridiculous load).

JP

---
Pell



[ Reply to This | # ]
How to disable virtual memory / swap files
Authored by: olivesoft on Aug 13, '04 12:35:50AM

While the non-secure erase of swap files may be somewhat of a problem, it's kind of hard to pick out the passwords out of mostly random data in the free blocks of a hard disk without already knowing what they are. As for those nasty administrator users snooping, why did you make them administrators in the first place? Besides, even with the VM system disabled, and admin user can still read /dev/mem to read the current contents of memory...


---
-Bob
---------------------
I tend to think of [Mac] OS X as Linux with QA and Taste.
-James Gosling, Java Architect



[ Reply to This | # ]
Turning off the VM to enhancing performance?
Authored by: romulis on Aug 19, '04 08:52:24AM
OK - security issues asside, I'd like to know a little about VM performance. (what ARE you people hiding? You do have backups, right?).

My setup: a dual 2GHz G5, 4.5GB RAM, 128MB swap (in 2 files). I'm running an oracle server (for development). I do a lot of data munging and, at the moment, image manipulation (the job I've got running now will probably finish in 12 hours or so).

I'm using MenuMeters (beta, version 1.1.1 can't handle 4GB :-) and the activity monitor to get a handle on system performance.

I've noticed that when heavily loaded, even this machine swaps like crazy. I often see 1,000+ pagein/outs per second (ie: swapping 4+MB data/sec).

Now I've turned off the VM and.... (almost) no change!

Activity Monitor thinks that the VM is 12GB large (with the dynamic pager turned off. huh?) It's not paging out any more, but it is still paging in endlessly. (With the VM turned on page-outs were in the same order of magnitude as page-ins). Could it be that these stats are counting normal data reads (initiated by applications) as well as vm reads (ie: reads initiated by the VM system)?

The memory usage stats are even more confusing: 300MB wired (system code?), 300MB active (programs & data) and the rest is inactive (does this include 'freed' memory? Is it OS-X's file cache? If the OS needs more space, does it just throw this away?)

Anyway, after this little experiment I'm going to turn the VM back on again, for no other reason than complying with the standard setup.

Does anyone have any other ideas to prevent OS-X from swapping?

Thanks for the original tip, and thanks for any other suggestions!

Steve

[ Reply to This | # ]

encrypted swap
Authored by: hard-mac on Sep 12, '04 11:52:12PM

Some research and testing into an encrypted swap set up is currently underway:

Encrypted Swap on Mac OS X 10.3 (Panther)
http://andreas-s.net/osx-encrypted-swap.html

Some discussions
http://thread.gmane.org/gmane.linux.gentoo.macosx/107



---
-------------------------------------
Hardening Your Macintosh
http://members.lycos.co.uk/hardapple/



[ Reply to This | # ]
How to disable virtual memory / swap files
Authored by: bartvh on Apr 19, '08 02:34:39PM
Tiger's (OS X 10.4) dynamic_pager deamon has an -E(encrypt) option for the swapfiles.

So, no switching of the virtual memory system is needed anymore. I haven't tried the encryption option yet, so I can't tell how much system performance degradation this introduced (it sure must...)

[ Reply to This | # ]
How to disable virtual memory / swap files
Authored by: Antirty on Jan 18, '09 12:26:14PM

I would like to disable virtual memory as Firefox keeps running slowly whenever I have loads of windows and tabs open, when I look in Activity Monitor it show it is using upto a about a gigabyte of VM... why it does this I do not understand as I have at least 2GB of RAM unused and available to use. If I then run another browser such as safari whilst still having the same slow running firefox open Safari or alike runs at full speed.. firefox is prone to slow scrolling and poor performance due to this. Safari doesn't do this. Though I prefer to use Firefox, but I am liable to stop using it if this problem remains....

I assume if I turned off VM then Firefox would have to use the available RAM. There seems to be no way of changing the VM use within system preferences or in Firefox preferences.

I am running the latest version of Firefox and Leopard 10.5.6 on a Dual G5 2.0ghz with 4GB of RAM.

I used to get this same issue on Tiger on my G4, but it stopped doing once I changed machine due to system performance improvement, but clearly the problem is the same as I am now finding out when needing to have a large number of tabs and windows open. There is no need for my system to be running slow when it's hardly using any of it's resources/power.



[ Reply to This | # ]
How to disable virtual memory / swap files
Authored by: parmendil on Dec 16, '10 03:53:15AM

Now... how can I enable it back again? :)

Some day's ago I was working with some really big files and memory consumers applications, and the mac started working really close to the edge.



[ Reply to This | # ]