On Jun 4, 2009, at 8:57 PM, cocoa learner wrote:
> I am writing an application which reads encrypted data from disk, decrypts it and displays it in the UI. Now the object that holds that decrypted data
> should not page out to the swap area (for security reasons).
> This is my need. Is there a better way to do this?

If an attacker can get to the swap files, that means one of two things:

(a) they have (or had) superuser on the machine

(b) the attacker has physical possession of the machine (which has been rebooted or powered down; see (a))

If (a), you've already lost. With superuser, the attacker can capture events, inject code, commandeer the window server, and/or p0wnz3 your process just about any way they want.

So, really, you are defending against (b). In the case of (b), for defending the swapfile to even matter, there must be no other decrypted bits on disc anywhere else. Got that?

Assuming you do, then the easiest way to secure the swapfile is to turn on swapfile encryption.

Actually, it might be the only reasonable solution.

There is no way you are going to be able to mlock() all of the random allocations associated with any particular sub-graph of objects in your application. The allocations are an implementation detail and may change at the whim of an update, architecture and/or OS release.

You might be able to lock down your entire process, but that would be exceptionally rude as it is going to take away significant resources from other applications and, on a particularly resource-constrained system, could lead to exhaustion of memory resources entirely.

b.bum
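An added illustration, not code from this thread, of the one place where mlock() is practical: a single buffer the application allocates itself for the decrypted bytes, pinned with mlock() and zeroed before release, in plain C (the locked_buf type and function names are this example's own, and the plaintext is a constructed sample). Anything a framework copies out of that buffer into its own objects stays unpinned, which is exactly the limit the reply above describes, and the init function treats a failed mlock() (for example an RLIMIT_MEMLOCK of zero) as a hard failure rather than silently holding the secret in pageable memory.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
/* One application-controlled region for the decrypted bytes. Only this region
   is pinned; copies made by framework objects (strings, views) are not. */
typedef struct {
    unsigned char *data;
    size_t len;     /* bytes the caller asked for */
    size_t mapped;  /* page-rounded size actually mapped and locked */
} locked_buf;
/* Zero through a volatile pointer so the compiler cannot drop the stores. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Map a private anonymous region and pin it with mlock(). Returns 0 on success,
   -1 with errno set (ENOMEM/EPERM when RLIMIT_MEMLOCK or policy forbids it). */
int locked_buf_init(locked_buf *b, size_t len) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t mapped = ((len + page - 1) / page) * page;
    void *p = mmap(NULL, mapped, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0);
    if (p == MAP_FAILED) return -1;
    if (mlock(p, mapped) != 0) {        /* do not hold secrets in unpinned pages */
        int e = errno; munmap(p, mapped); errno = e; return -1;
    }
    b->data = p; b->len = len; b->mapped = mapped;
    return 0;
}

/* Wipe while the pages are still locked, then unpin and unmap. */
void locked_buf_free(locked_buf *b) {
    if (!b->data) return;
    wipe(b->data, b->mapped);
    munlock(b->data, b->mapped);
    munmap(b->data, b->mapped);
    b->data = NULL; b->len = b->mapped = 0;
}

int main(void) {
    static const unsigned char plaintext[] = "constructed sample: decrypted record";
    locked_buf b;
    if (locked_buf_init(&b, sizeof plaintext) != 0) return 1;
    memcpy(b.data, plaintext, sizeof plaintext);  /* work on b.data in place */
    locked_buf_free(&b);
    return 0;
}
```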


_______________________________________________

Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)