Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

10.4: Two hints related to swap files System 10.4
Tiger only hintTwo short hints here to improve life with swap files. The first is for the paranoid (aka, security-conscious) types, who should be sure to enable encrypted swap. It's enabled simply by going into System Preferences -> Security, then checking 'Use secure virtual memory.' You'll need to reboot for this to take effect.

The second is an easy method to see how much swap is in use. Within Terminal, run this command:
sysctl vm.swapusage
This will simply show how much is allocated (which should agree with the files in /private/var/vm), how much is currently used, and if you have encrypted swap enabled.
    •    
  • Currently 3.00 / 5
  You rated: 2 / 5 (4 votes cast)
 
[10,695 views]  

10.4: Two hints related to swap files | 12 comments | Create New Account
Click here to return to the '10.4: Two hints related to swap files' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.4: Two hints related to swap files
Authored by: Gus on May 20, '05 12:31:06PM

Does using the protected VM have a significant impact on performance?

Sincerely,
Gus

---
--
Ing. lic. G.E.A. Vansteelant
Lead Assessor



[ Reply to This | # ]
10.4: Two hints related to swap files
Authored by: Gerk on May 20, '05 02:53:40PM

the protected VM is not just for the paranoid. if it's not a big performance hit everyone should use it, dare I say they make it the default ... if you want to see something interesting do a strings command on the VM file ... you can see all sorts of nastiness that you shouldn't be able to like unencrypted usernames/passwords for all users on the machine, regardless of your user access (everyone can read the vm file)



[ Reply to This | # ]
10.4: Two hints related to swap files
Authored by: jlevitsk on May 20, '05 03:16:25PM

I agree. In my corporate image I enabled it by just appending ENCRYPTSWAP=-YES- to /etc/hostconfig



[ Reply to This | # ]
10.4: Two hints related to swap files
Authored by: TriNeuro on May 20, '05 05:05:29PM

Uhm, everyone can read swap files?
Sample ls-output:
-rw------T 1 root wheel 67108864 May 18 23:27 swapfile0

That should mean read and write access only to the root-user. If you have an administrator account, you could sudo commands to read it. Nevertheless, one should be really interested before beginning to read through the swap file (and probably get a hold of an admin account, as no one with malicious intent should be in possess of such an account anyway).



[ Reply to This | # ]
10.4: Two hints related to swap files
Authored by: osxpounder on May 20, '05 05:30:44PM

I'm wondering if those of you who've tried enabling this encryption have noticed performance issues. I'm setting up my first Mac mini for a really novice user, and I don't know how much to demand of the mini -- whether it's fast enough, overall, to handle the load of encrypting its swap file.

I can't really experiment with the little time I've got before I deliver the mini.

So, whether you've got a mini or not, I'd love to hear whether you've noticed performance hits due to encrypting your swap file.

---
--
osxpounder



[ Reply to This | # ]
10.4: Two hints related to swap files
Authored by: Spiken on May 20, '05 06:31:48PM

My computer simply get's all jammed up with encrypting on, it's not even something I'm thinking of. It takes a full 2 minutes to open an application like Apple Mail.



[ Reply to This | # ]
10.4: Two hints related to swap files
Authored by: lolopb on May 20, '05 06:36:42PM

Strange, I enabled this since the beginning (and even before during beta tests) and it never happened, apps are still fast to launch, even Mail 2.

You may have another problem...



[ Reply to This | # ]
10.4: Two hints related to swap files
Authored by: mayo2ca on May 21, '05 03:32:50PM

Is this on one of the older PowerBooks? They have 4200rpm drives, which may be quiet slow for this



[ Reply to This | # ]
10.4: Two hints related to swap files
Authored by: macgruder on May 22, '05 11:51:45AM

I don't think it's true that all users can read the files. If your permission are correct the Swapfiles are owned by root:wheel and have 0600 permissions, so only root can do anything.



[ Reply to This | # ]
Performance hit?
Authored by: badtz on May 20, '05 06:42:18PM

Does turning this on result in a performance hit? [like turning on Journaling]



[ Reply to This | # ]
Notes on secure virtual memory
Authored by: TrueWhore on May 21, '05 04:07:16AM
Because secure swap is not enabled by default on a new install you have to be aware of something if you decide to enable it: Any data that was in your memory at any point before you enabled it is quite likely still on your disk. This could include your login password etc.

See http://onebutan.com/Secure_virtual_memory for the procedure to clean your disk.

When I was experimenting with it, another person wrote a perl script to overcommit memory to force swapping, and he noted that there is a performance hit with encryption on. In real world use I haven't found it to be a problem (I have it on).

[ Reply to This | # ]

Notes on secure virtual memory
Authored by: auricgoldfinger on May 21, '05 04:22:41AM

I have it on too, no performance issues here. I'm a real world user too ;)



[ Reply to This | # ]