On Mon, Oct 24, 2005 at 04:15:02PM +0200, TAKAHASHI Tamotsu wrote:
> pgppasswd.txt:
> =========================================
> PGP message successfully decrypted.
> ]9;1130148457
> mutt
> mutt
> /home/tamo/.mutt/pgp
> <password>
> /home/tamo/.terminfo
[SNIP]
> pgppasswd.2.txt:
> =========================================
> 1234567890
> 1234567890
> 1234567890
> 1234567890
> 1234567890
> <password>
> /home/tamo/.terminfo
[SNIP]
> So, if the machine you are running mutt is stolen, the disc may
> contain your plain passphrase. Is this realistic? I don't know.
> But it was so easy that I could demonstrate. If the thief knows a
> part of your passphrase, he can grep it like I did.

Worse yet... If an attacker can gain root via any sort of local compromise, or a remote one, they can read it from swap. My guess is that the passphrase will always appear in roughly the same place in relation to the strings you have there... All the attacker really needs to do is look for those, and/or look for strings that look like passphrases (i.e. seem out of place in the context of mutt, and look like something someone might use as a passphrase).

We know the username... the home directory is given in the swap file right along with the passphrase. Now the attacker who has gained root can identify the user, get a physical copy of (in all likelihood) both public and private key, and has the passphrase. With only root access without this exploit, the keys are available, but the passphrase remains unknown. So to add insult to injury, now your system is compromised, and all your sensitive documents are too (which may well contain encrypted credentials for accessing other sensitive information, like your on-line banking account, etc.). This is bad. This is precisely the sort of attack I was concerned about.

Of course, that's theoretical. My guess is it's very unlikely someone will successfully exploit this against real users. That said, it would suck if it happened to you...

The question is, as Thomas correctly points out, what can reasonably be done about it? The usual method of preventing this sort of thing involves locking a segment of memory so that it can not swap. On most systems I'm familiar with, that requires root privileges (otherwise a DoS could ensue where a user allocates all the available RAM and locks it in memory). So Mutt would need to be SUID root for that to work. Not good. Then, any small security hole in mutt potentially becomes a root compromise. Not good at all.

Probably the best solution is to use something like gpgagent, if it does indeed protect against this (which it should). Still, if someone can think of a reasonable solution, I'd like to see it. The only semi-reasonable solution I can think of is to have mutt SUID, allocate a block of memory for storing the passphrase as soon as humanly possible, and drop privileges immediately. The amount of exposed code should be very minimal...

-- 
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address. Replying to it will result in
undeliverable mail. Sorry for the inconvenience. Thank the spammers.