Historically, computers were mainframes where a lot of distinct users launched sessions and processes on the same physical machine. […] Linux), but also VMS and its relatives (and this family includes all Windows of the NT line, hence 2000, XP, Vista, 7, 8...), have been structured in order to support the mainframe model. Thus, the hardware provides privilege levels. A central piece of the operating system is the kernel, which runs at the highest privilege level (yes, I know there are subtleties with regards to virtualization) and manages the privilege levels. Applications run at a lower level and are forcibly prevented by the kernel from reading or writing each other's memory. Applications obtain RAM by pages (typically 4 or 8 kB) from the kernel. An application which tries to access a page belonging to another application is blocked by the kernel, and severely punished ("segmentation fault", "general protection fault"...).

When an application no longer needs a page (in particular when the application exits), the kernel takes control of the page and may give it to another process. Modern operating systems "blank" pages before giving them back, where "blanking" means "filling with zeros". This prevents leaking data from one process to another. Note that Windows 95/98/Millennium did not blank pages, and leaks could occur... but these operating systems were meant for a single user per machine.

Of course, there are ways to escape the wrath of the kernel: a few doorways are available to applications which have "enough privilege" (not the same kind of privileges as above). The kernel allows one process to read and write the memory of another, through ptrace(), provided that both processes run under the same user ID, or that the process which does the ptrace() is a "root" process.

The bottom line is that passwords in RAM are no safer than what the operating system allows. By definition, by storing some confidential data in the memory of a process, you are trusting the operating system not to give it away to third parties. The OS is your friend, because if the OS is an enemy then you have utterly lost. Since the OS enforces a separation of processes, many people have tried to find ways to pierce these defenses.

The "RAM" which the applications see is not necessarily true "memory". The kernel is a master of illusions, and gives pages that do not necessarily exist. The illusion is maintained by swapping RAM contents with a dedicated space on the disk, where free space is present in larger quantities; this is called virtual memory. Applications need not be aware of it, because the kernel will bring back the pages when needed (but, of course, disk is much slower than RAM). An unfortunate consequence is that some data, purportedly held in RAM, makes it to a physical medium where it will stay until overwritten. In particular, it will stay there if the power is cut. This allows for attacks where the bad guy grabs the machine and runs away with it, to inspect the data later on. Or leakage can occur when a machine is decommissioned and sold on eBay, and the sysadmin forgot to wipe out the disk contents.

Linux provides a system call named mlock() which prevents the kernel from sending some specific pages to the swap space. Since locking pages in RAM can deplete available RAM resources for other processes, you need some privileges (root again) to use this function.

An aggravating circumstance is that it is not necessarily easy to keep track of where your password really is in RAM. As a programmer, you access RAM through the abstraction provided by the programming language. In particular, programming languages which use Garbage Collection may transparently copy objects in RAM (because it really helps for many GC algorithms). Most programming languages are thus impacted (e.g. …).

Hibernation brings back the same issues, with a vengeance. By nature, hibernation must write the whole RAM to the disk - this may include pages which were mlocked, and even the contents of the CPU registers. To avoid leaks through hibernation, you have to resort to drastic measures like encrypting the whole disk - this naturally implies typing the unlock password whenever you awake the machine.

The mainframe model assumes that it can run several processes which are hostile to each other, and yet maintain perfect peace and isolation. Modern hardware makes that very difficult. When two processes run on the same CPU, they share some resources, including cache memory: memory accesses are much faster in the cache than elsewhere, but cache size is very limited. This has been exploited to recover cryptographic keys used by one process, from another. Variants have been developed which use other cache-like resources, e.g. […]. While research on that subject concentrates on cryptographic keys, which are high-value secrets, it could really apply to just any data.
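As an added example (not code from the original text), here is a small C secret buffer that applies the mlock() and wiping points discussed above: the pages are pinned so they cannot reach swap, and the zeroing goes through a volatile pointer so the compiler cannot drop it. The `secret_buf` type and its functions are my own names; whether mlock() succeeds depends on the caller's RLIMIT_MEMLOCK, so the `locked` flag must be checked rather than assumed.

```c
#define _DEFAULT_SOURCE
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
/* Secret buffer (added example): pinned in RAM with mlock() so it cannot be
   swapped out, and wiped through a volatile pointer so the zeroing survives. */
typedef struct {
    unsigned char *mem;  /* page-aligned anonymous mapping */
    size_t len;          /* bytes reserved for the secret */
    int locked;          /* 1 if mlock() succeeded, 0 if the kernel refused */
} secret_buf;

secret_buf *secret_alloc(size_t len) {
    secret_buf *s = calloc(1, sizeof *s);
    if (s == NULL) return NULL;
    /* Private anonymous pages come zero-filled and are never file-backed. */
    s->mem = mmap(NULL, len, PROT_READ | PROT_WRITE,
                  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (s->mem == MAP_FAILED) { free(s); return NULL; }
    s->len = len;
    /* Past RLIMIT_MEMLOCK an unprivileged mlock() fails (ENOMEM/EPERM). */
    s->locked = (mlock(s->mem, len) == 0);
    return s;
}

/* Copy a NUL-terminated secret in; returns -1 if it does not fit. */
int secret_store(secret_buf *s, const char *secret) {
    size_t n = strlen(secret) + 1;
    if (n > s->len) return -1;
    memcpy(s->mem, secret, n);
    return 0;
}

/* Zero via volatile stores (a plain memset() before free() can be optimised
   away); returns the count of non-zero bytes left, expected 0. */
size_t secret_wipe(secret_buf *s) {
    volatile unsigned char *p = s->mem;
    size_t leftover = 0;
    for (size_t i = 0; i < s->len; i++) p[i] = 0;
    for (size_t i = 0; i < s->len; i++) leftover += (p[i] != 0);
    return leftover;
}

/* Wipe, unpin and unmap; the pages go back to the kernel already zeroed. */
void secret_free(secret_buf *s) {
    secret_wipe(s);
    if (s->locked) munlock(s->mem, s->len);
    munmap(s->mem, s->len);
    free(s);
}
```

Hibernation still writes these pages out, as the text notes, so this only addresses the swap path, not a suspend-to-disk image.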