Option to overwrite encryption key in memory on locking

Bug #1224724 reported by Sworddragon on 2013-09-12
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
pam (Ubuntu)
Undecided
Unassigned
xscreensaver (Ubuntu)
Undecided
Unassigned

Bug Description

I'm using Ubuntu 13.10 dev with xscreensaver 5.15-3ubuntu1. If the filesystem is encrypted (for example with ecryptfs) and the screen is locked the encryption key still resides in memory. Anybody with physical access could make a cold boot attack to get this key. The only solution is to logout from all instances so that the encryption key gets overriden.

xscreensaver could provide an option to override this key too on locking the screen. The key will then be recovered if the user unlocks the screen with entering his password. But this has one disadvantage: As the user session is still open any running application could try to access the non-readable-anymore user directory. Normally nothing special should happen but applications with programming errors could crash. But if this happens it will be resolved in the future.

This is an issue for the PAM stack, not for xscreensaver.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers