Very Computer

Is there any secure shared memory on Linux
that can be guaranteed not to hit disk?  I'm working on a crypto
key-management daemon, and I really don't want sensitive data to
touch magnetic media.  SysV shm seems insecure (32-bit keys can be
guessed at random by other local users, no?).  If I mlock() a segment
of MAP_SHARED mmap()'d memory on Linux, will that guarantee that it
doesn't get written back out to the backing file?  I don't see any
reason to assume that, unfortunately.  Is there any way
to get such a guarantee?  I couldn't find any documentation for POSIX
shm on Linux; does glibc 2.1 support this?  Is it secure?  

I know that I can unlink() the backing file to an mmap()'d file as soon
as everyone's mmap()'d it, but if the data ever actually hits disk
(even when unlinked) then the Bad Guys might still bust in to my
house, grab the hard drive, peek at the platters with electron
microscopes, and learn the secrets of my new-and-improved jackboots --
now with chrome buckles!

Read that last sentence as:

  "Being overly paranoid results in more intellectually interesting
  challenges to overcome, even though in real life they'd just use
  *-hose cryptanalysis"

Alternatively, read it as "I'm curious".

Thanks for your time,

  Sumner

Quote:> I'm currently working on Linux but am interested in solutions on other
> Unix platforms (and even non-Unix platforms, gasp).

> Is there any secure shared memory on Linux
> that can be guaranteed not to hit disk?  I'm working on a crypto
> key-management daemon, and I really don't want sensitive data to
> touch magnetic media.  SysV shm seems insecure (32-bit keys can be
> guessed at random by other local users, no?).  If I mlock() a segment
> of MAP_SHARED mmap()'d memory on Linux, will that guarantee that it
> doesn't get written back out to the backing file?  I don't see any
> reason to assume that, unfortunately.  Is there any way
> to get such a guarantee?  I couldn't find any documentation for POSIX
> shm on Linux; does glibc 2.1 support this?  Is it secure?  

Quote:> > that can be guaranteed not to hit disk?  I'm working on a crypto
> > key-management daemon, and I really don't want sensitive data to
> > touch magnetic media.  SysV shm seems insecure (32-bit keys can be
> On Linux, Kernel memory never get swapped out. So you could write
> a driver module and interact via read/write/ioctl.
> Drawback: it isn't very portable.
> My first thought was: use DMA-save memory - but this leads also to a driver...

If you're really worried about this and want to do something
portable, it should be pointed out that bulk data need not be
stored in the server's memory in "plain-text" or "plain bytes",
and you probably can arrange to force the key to be stored in
a register or two (not completely portable).  This makes life
a bit harder for the bad guys, though there is no real gaurd against
someone causing a system panic then taking the disk unless you muck with
the kernel.

Best wishes,
 Mike