Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Click here to return to the 'horrible death... :) and security for all!' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
horrible death... :) and security for all!
Authored by: GaelicWizard on Aug 12, '04 11:51:53PM

Your fantasy of security is slightly off centre.

"at worse" you system will die. If the window server cannot malloc memory, then it will freeze. Once it has froze, you can ssh in and start killing things to free memory, but then you lose unsaved work. If you can't free enough to un-freeze the window server, then its dead.

If someone roots your machine through some yet-to-be-discovered remote exploit that you have left on your machine even after a patch is released (which would happen within days), then they have access to the kernel and can grab passwords from memory, forget the swap file.

If someone has root, then you're screwed. If your fantasy of keeping passwords off disk makes you feel special, then by all means go for it, it will only prevent you from working efficiently. Recommending that others do it is irresponsible.

I have tried the grepping for password trick and it is particularly disturbing that my password showed up a dozen times, since then I have made sure that my login password and the root (if you make the mistake to enable root) password are different from all my other passwords and have discovered that I am unable to find my password in memory. I do not know if this is sufficient proof that this "hole" is not as bad as you pretend, but it is does mean that there is almost no way for someone to crack my passwords, assuming that they can somehow get root to see my swap files anyway.

Of course, it is ridiculously easy to extract passwords from /etc/passwd, netinfo, and even panther's shadow-hash, if you have root. Go check out John the Ripper, it might bother you sufficiently to go delete your hard drive to make sure your passwords are safe.



[ Reply to This | # ]