Swap-File / Swap-Partition and security ?


Forum: Other Help Topics
Topic: Swap-File / Swap-Partition and security ?
started by: Key

Posted by Key on Jan. 27 2007,19:38
I am happy with my write-protected DSL 3.2 usb-pen.
Everything works great and each time I can boot with the same afterwards "untouched" usb-pen installation.

Now I thought about the messages, which are shown during the boot from this DSL 3.2 usb-pen:

- Using swap partition hda2
- Using swap partition hdb1

Some months ago (before I found DSL) I had Knoppix installed on my harddisks. I assume that DSL finds these old Knoppix swap-partitions automatically and uses them?
What exactly does this mean in terms of security?
What is stored in a swap-partition?
Will this be deleted when a logoff/shutdown is done?

I am using the Opera 9.10 UNC file and hope that there won't be any data stored on the harddisk, which somebody could read by doing hack attacks (don't know what's possible in this area).

Looking forward to some information.
Thank you in advance.

Posted by ^thehatsrule^ on Jan. 27 2007,20:19
Quote
I assume that DSL finds these old Knoppix swap-partitions automatically and uses them?
Yes

Quote
What is stored in a swap-partition?
It's used as additional temporary memory, also known as a pagefile in winspeak (in addition to RAM).  This is usually invoked when there's a shortage of physical memory.

Even though the data is volatile and lost upon shutdown, perhaps data could be recovered, like any other partitioning format (includes deleting files, etc).  If you do not wish to use swap at all, I think you could boot with "noswap", or manually turn them off via swapoff.

Posted by Key on Jan. 28 2007,07:50
Thank you for this information.

This means, that there can be stored everything, probably in worst case also passwords and logins (?)

Is there also an easy way to "clean" an already existing swap-partition without deleting it?

Or is this being done automatically during logoff/shutdown?
How to check this, if there are really no sensitive data left on the harddisk?

Posted by ^thehatsrule^ on Jan. 28 2007,16:50
Let me put this into context.

Let's take a brand new hard drive, newly partitioned and formatted.  We place a file on it.  Then we delete it.
In reality, the data is still on the hard drive - just that the relevant links in the device's inodes/super block have been erased.


Quote
This means, that there can be stored everything, probably in worst case also passwords and logins (?)
Maybe, but these kinds of applications should be secure enough.  (i.e. if you want to save them, they are encrypted)

Posted by roberts on Jan. 28 2007,18:44
I suppose that if you really want to scrub the swap partition then you could. It would make your shutdown painfully slow.

For example, let's assume your swap partition is /dev/hda4

Then for liveCD or frugals unlink and copy /etc/init.d/knoppix-halt from /KNOPPIX

As root edit /etc/init.d/knoppix-halt

Then look for the line
swapoff -a 2>/dev/null

and add the following two lines
dd if=/dev/zero of=/dev/hda4
mkswap /dev/hda4

Now upon shutdown zeroes will be written to the swap partition on /dev/hda4 and upon conclusion the swap signature will be once again installed as it will be needed upon next boot.

However, this will be so slow as to be impractical.

If you are paranoid about such things, then use boot option noswap, or perhaps carry around a micro usb drive, not flash, with your swap partition or swapfile and use noswap boot option and use /opt/bootlocal.sh for your swapon command.
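
An added example, not part of the original thread: one way to approach the earlier question of how to check whether anything is left on a swap partition after the zero-and-mkswap step above. It assumes 4 KiB pages, that the area has already been swapped off, and root read access to the device; the function names and the sample image are made up for illustration.

```shell
#!/bin/sh
# Added example: verify that a swap area holds nothing but its header.
PAGE=4096   # assumption: 4 KiB pages (x86)

# True if the area carries the Linux swap signature, which mkswap
# writes into the last 10 bytes of the first page.
has_swap_signature() {
    sig=$(dd if="$1" bs=1 skip=$((PAGE - 10)) count=10 2>/dev/null | tr -d '\000')
    [ "$sig" = "SWAPSPACE2" ]
}

# Print the number of non-zero bytes after the header page.
# A freshly zeroed and re-initialised swap area should report 0.
swap_residue_bytes() {
    dd if="$1" bs="$PAGE" skip=1 2>/dev/null | tr -d '\000' | wc -c | tr -d ' '
}

# Human-readable verdict: 0 = clean, 1 = residue found, 2 = not a swap area.
check_swap() {
    if ! has_swap_signature "$1"; then
        echo "$1: no swap signature found"
        return 2
    fi
    n=$(swap_residue_bytes "$1")
    if [ "$n" -eq 0 ]; then
        echo "$1: clean (only the header page is non-zero)"
    else
        echo "$1: $n non-zero bytes remain after the header"
        return 1
    fi
}

# Build a constructed 4-page test image in a regular file (not a real
# swap device): signature in page 0, optional residue string in page 2.
make_sample_swap() {
    dd if=/dev/zero of="$1" bs="$PAGE" count=4 2>/dev/null
    printf 'SWAPSPACE2' | dd of="$1" bs=1 seek=$((PAGE - 10)) conv=notrunc 2>/dev/null
    [ -z "$2" ] || printf '%s' "$2" |
        dd of="$1" bs=1 seek=$((PAGE * 2)) conv=notrunc 2>/dev/null
}

# Usage: sh check_swap.sh /dev/hda4   (run after swapoff)
[ "$#" -eq 0 ] || check_swap "$1"
```

Run it only while the partition is not in use as swap, otherwise live pages will show up as residue.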

Posted by Key on Jan. 28 2007,19:37
Thanks very much!

So the best solution is probably to clean the current existing swap-partitions with the following two commands:
> dd if=/dev/zero of=/dev/hda4
> mkswap /dev/hda4
("hda4" only as example, to be named according to the real used swap-partition)

And boot with the boot option "noswap", in case highly sensitive data will be used in the session.

Posted by ^thehatsrule^ on Jan. 28 2007,20:14
Quote
So the best solution is probably to clean the current existing swap-partitions with the following two commands:
> dd if=/dev/zero of=/dev/hda4
> mkswap /dev/hda4
("hda4" only as example, to be named according to the real used swap-partition)
I suppose that works, but I seem to remember a program in Windows that would clean files off a (standard) hard drive permanently - but it suggested that 7 overwrites should be safe enough.  Don't know how paranoid that really is, but that would be running the dd command 7 more times!

Posted by skaos on Jan. 29 2007,12:11
Linux based disk wiper: <http://dban.sourceforge.net/>
You can also use "badblocks -svw /dev/disktowipe" from DSL to overwrite the disk four times.
I would guess that overwriting once is good enough.
