[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OpenSSH uploaded replacing ssh, please test

> ObOnTopic: This thread is drifting off topic. My personal feeling is that
> these fundamental ideas about security are relevant to debian development
> as a whole, and hence OK.  I hope you agree :)
> How does this help?  Pages written to disk can only be accessed by people
> with root access.  And if you don't trust root on a given machine, you're
> lost anyway (they could easily, for example, replace gpg or ssh with a
> trojan).  Have I missed something?
> Jules

I someone later actually physically got possession of
your disk drive they might be able to get old data off
the disk.  This (somewhat unlikely) situation is the only
relevant one (since root can just as easily peek around disk or

The reason the program must have root priviledge is that
allocating all the memory as non-swappable will probably
render the system unusable.

On linux-kernel it was once proposed to make a per-user pool of
non-swappable memory.  Probably too kludgey for the kernel...

- Dave

Reply to: