encrypted code
Christopher Browne
cbbrowne-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Tue Nov 2 14:22:46 UTC 2010
On Tue, Nov 2, 2010 at 10:13 AM, Dave Cramer <davec-zxk95TxsVYDyHADnj0MGvQC/G2K4zDHf at public.gmane.org> wrote:
> I think it's possible to delete the file and still have the program
> that deleted it still access it.

Sure, I've done DOS attacks on servers (by accident!) in much this
way; I had a fax service which was writing into a log file, and did
"rm /fax/server/log/file.log", which made the file seem to disappear,
but the file continued to grow (to the point of filling all disk space
:-( ) until I shut down the fax service.

That happened to be on Digital OSF/1, but should occur perfectly
nicely on Linux.

But as security goes, this is a mirage.

Root can go into /proc, and find the file descriptors, and access the data.
So the file really is still there, and a suitably privileged user can get at it.

One might naively think that "if it's just in memory, then who can get at it?"
Unfortunately, /proc has an interface for that, too.

Really, the only answer to *truly* secure the code is to make sure it
is only decrypted on a server that the adversary cannot tamper with.
There are cryptographic coprocessors built for this kind of purpose.

--
http://linuxfinances.info/info/linuxdistributions.html
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
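
Added example, not part of the original post: a Linux-only Python sketch of the behaviour described above, showing that an unlinked file stays readable through /proc/<pid>/fd and how to list the deleted files a process still holds open (the usual cause of the "disk is full but nothing is there" symptom). The function names and the sample bytes are constructed for illustration.

```python
import os
import stat
import tempfile


def unlinked_but_readable(data):
    """Write data to a temp file, unlink it, then read it back via /proc.

    Returns (link count after unlink, bytes recovered through /proc/self/fd).
    """
    fd, path = tempfile.mkstemp()
    try:
        os.write(fd, data)
        os.unlink(path)                    # the name is gone, the inode is not
        nlink = os.fstat(fd).st_nlink      # 0: no directory entry refers to it
        # Opening the /proc entry yields a fresh descriptor on the same inode.
        with open(f"/proc/self/fd/{fd}", "rb") as f:
            recovered = f.read()
        return nlink, recovered
    finally:
        os.close(fd)                       # only now is the storage released


def deleted_open_files(pid="self"):
    """Return [(fd, original path, size)] for unlinked regular files pid holds.

    Inspecting another user's process requires root, as the post says.
    """
    found = []
    fd_dir = f"/proc/{pid}/fd"
    for name in os.listdir(fd_dir):
        entry = os.path.join(fd_dir, name)
        try:
            target = os.readlink(entry)    # "<path> (deleted)" once unlinked
            st = os.stat(entry)            # follows the link to the open inode
        except OSError:
            continue                       # descriptor closed while scanning
        if stat.S_ISREG(st.st_mode) and st.st_nlink == 0:
            found.append((int(name), target.removesuffix(" (deleted)"), st.st_size))
    return found


if __name__ == "__main__":
    print(unlinked_but_readable(b"constructed sample data"))
    for fd, path, size in deleted_open_files():
        print(f"fd {fd}: {path} still holds {size} bytes")
```

Running `deleted_open_files` against a daemon's PID shows how much space a removed log is still consuming; the space is freed only when the process closes the descriptor or exits.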