Comment 10 for bug 1878115

Zbigniew Jędrzejewski-Szmek (zbyszek-in) wrote:

Oh, man. Once the password is written to a file on a real disk (/var/...), it should be considered compromised. Using shred or rm makes no guarantee that the bytes are removed from the device. In particular, it would be fairly trivial to do something like "grep 'merged config' /dev/sda" and chances are that this will find the password if it was written there.

Writing the password to /run/... is much, much better, though not ideal. /run is backed by a tmpfs, and tmpfs contents can be written out to swap. The chances of this happening and of the password being retrievable from disk are much smaller than in the case of a disk-backed filesystem, but keeping the password always in mlocked memory would be better.
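The mlocked-memory approach suggested in the comment above, as an added example that is not code from the bug thread or from the project it concerns: a small C helper that holds a password in page-aligned memory locked with mlock(), so it is never paged to swap, and wipes it through a volatile pointer before release. The type and function names (secret_t, secret_alloc, and so on) are assumptions made for this illustration.

```c
#define _GNU_SOURCE
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
/* Added example, not from the bug thread: keep a password in page-aligned, mlock()ed memory. */
typedef struct {
    unsigned char *buf;   /* page-aligned so mlock() covers whole pages */
    size_t cap;           /* bytes allocated, rounded up to the page size */
    int locked;           /* 1 if mlock() succeeded, 0 if it was refused */
} secret_t;
/* Returns 0 on success. locked == 0 means the memory is usable but may still
 * swap (e.g. RLIMIT_MEMLOCK too low); callers should log that as a warning. */
int secret_alloc(secret_t *s, size_t len) {
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || len == 0) return -1;
    s->cap = ((len + (size_t)page - 1) / (size_t)page) * (size_t)page;
    if (posix_memalign((void **)&s->buf, (size_t)page, s->cap) != 0) return -1;
    memset(s->buf, 0, s->cap);
    s->locked = (mlock(s->buf, s->cap) == 0);
#ifdef MADV_DONTDUMP
    (void)madvise(s->buf, s->cap, MADV_DONTDUMP); /* keep it out of core dumps */
#endif
    return 0;
}
/* Copy a password in; refuse anything that would not fit with its NUL. */
int secret_set(secret_t *s, const char *pw) {
    size_t n = strlen(pw);
    if (n + 1 > s->cap) return -1;
    memcpy(s->buf, pw, n + 1);
    return 0;
}
/* Overwrite through a volatile pointer so the compiler cannot drop the stores. */
void secret_wipe(secret_t *s) {
    volatile unsigned char *p = s->buf;
    for (size_t i = 0; i < s->cap; i++) p[i] = 0;
}
/* 1 if every byte is zero: lets a caller confirm the wipe really happened. */
int secret_is_clear(const secret_t *s) {
    for (size_t i = 0; i < s->cap; i++) if (s->buf[i]) return 0;
    return 1;
}
void secret_free(secret_t *s) {   /* wipe, unlock, then release */
    secret_wipe(s);
    if (s->locked) munlock(s->buf, s->cap);
    free(s->buf);
    s->buf = NULL; s->cap = 0; s->locked = 0;
}
```

If mlock() is refused (locked stays 0), the buffer still works but offers no protection against swapping, so a real program should treat that as a reportable degradation rather than silently continue.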