John Andersen wrote:
On Sat, May 3, 2008 at 6:56 PM, Sam Clemens
wrote: Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The Saturday 2008-05-03 at 18:08 -0400, Sam Clemens wrote:
Is there a specific reason you are encrypting swap?
It is standard procedure.
Think: your portable is hibernated and then stolen.
Hint:
The password to mounted encrypted partition is in clear text in memory, thus, in the swap. And any thing you may have opened.
Hint.. if you're portable is hibernated, then when the thief restarts it, all of your partitions are already mounted with good passwords, and can be perused by merely doing
$ strings /dev/kmem | more $ strings /dev/mem | more
Only if you are in a habit of hybernating your lap top while running as root. Who does that anyway?
Having physical access to the laptop, "local exploits" are no in play. Any "local exploit" can be accomplished by running code installed by a user into his/her home directory. Thus, getting root is not a terribly difficult thing for a reasonably knowledgeable attacker. And of course, the Firewire/IEEE 1394 port is completely unsecure. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org