Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I would like to run a service that relies on a secret key that I really do not want to fall into the hands of hackers. That would be a complete disaster really. I am not a Linux export so this might be dumb, but this is my idea:
Have a program load the secret key from a file and into a variable (ram) and then (thoroughly) delete the file. The program would never stop running and if it did, I would have to copy the key to the server again from offline storage. But is there a way to have kernel level protection of process ram, so that no other process can read it?
The reason why I like the idea of storing it in ram is that if the computer is turned off, the data becomes unrecoverable after only a few seconds.
Again, I don't know if this is dumb. What do you guys think?
Libgcrypt uses a concept known as secure memory, which is a region of memory set aside for storing sensitive data. Because such memory is a scarce resource, it needs to be setup in advanced to a fixed size. Further, most operating systems have special requirements on how that secure memory can be used. For example, it might be required to install an application as “setuid(root)” to allow allocating such memory. Libgcrypt requires a sequence of initialization steps to make sure that this works correctly. The following examples show the necessary steps.
Have a program load the secret key from a file and into a variable (ram) and then (thoroughly) delete the file.
Why would the key be in a file in the first place? If the key has been on an unencrypted disk at some point in time, you already lost: The filesystem driver might move the file around for performance/resources/load balancing/fragmentation reasons and not sanitize the old version, and modern filesystems have a journal which contains traces of previous file operations. Do NOT allow key data to get on disk!
Persistent encryption systems work with a container header which is used to calculate the key with data provided from user-supplied password(s) and/or keyfile(s). In linux, the software is called cryptsetup-LUKS. Use it, instead of writing your own. If you are not a real security genius, chances are that your own software forgets to secure data from being written to disk (think swap...).
In linux in a c program you can lock a part of memory or whole process memory(If it is small or your are root) using mlock and mlockall functions. Then after using that memory you have to zero out it. Them unlock them. This function prevents the kernel from swapping the memory to swap also.
Thank you for the feedback guys. I will keep these things in mind. veerain, couldn't you theoretically just DLL inject into the program ram space though?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
