encrypted code

Christopher Browne cbbrowne-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Tue Nov 2 14:22:46 UTC 2010


On Tue, Nov 2, 2010 at 10:13 AM, Dave Cramer <davec-zxk95TxsVYDyHADnj0MGvQC/G2K4zDHf at public.gmane.org> wrote:
> I think it's possible to delete the file and still have the program
> that deleted it still access it.

Sure, I've done DOS attacks on servers (by accident!) in much this
way; I had a fax service which was writing into a log file, and did
"rm /fax/server/log/file.log", which made the file seem to disappear,
but the file continued to grow (to the point of filling all disk space
:-( ) until I shut down the fax service.

That happened to be on Digital OSF/1, but should occur perfectly
nicely on Linux.

But as security goes, this is a mirage.

Root can go into /proc, and find the file descriptors, and access the data.

So the file really is still there, and a suitably privileged user can get at it.

One might naively think that "if it's just in memory, then who can get at it?"

Unfortunately, /proc has an interface for that, too.

Really, the only answer to *truly* secure the code is to make sure it
is only decrypted on a server that the adversary cannot tamper with.
There are cryptographic coprocessors built for this kind of purpose.
-- 
http://linuxfinances.info/info/linuxdistributions.html
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists





More information about the Legacy mailing list