Swap-File / Swap-Partition and security ?Forum: Other Help Topics Topic: Swap-File / Swap-Partition and security ? started by: Key Posted by Key on Jan. 27 2007,19:38
I am happy with my write-protected DSL 3.2 usb-pen.Everything works great and each time I can boot with the same afterwards "untouched" usb-pen installation. Now I thought about the messages, which are shown during the boot from this DSL 3.2 usb-pen: - Using swap partition hda2 - Using swap partition hdb1 Some months ago (before I found DSL) I had Knoppix installed on my harddisks. I assume that DSL finds these old Knoppix swap-partitions automatically and uses them? What does this exactly mean in points of security? What is stored in a swap-partition? Will this be deleted when a logoff/shutdown is done? I am using the Opera 9.10 UNC file and hope that there won't be any data stored on the harddisk, which somebody could read by doing hack attacks (don't know whats possible in this area). Looking forward for some information. Thank you in advance. Posted by ^thehatsrule^ on Jan. 27 2007,20:19
Even though the data is volatile and lost upon shutdown, perhaps data could be recovered, like any other partitioning format (includes deleting files, etc). If you do not wish to use swap at all, I think you could boot with "noswap", or manually turn them off via swapoff. Posted by Key on Jan. 28 2007,07:50
Thank you for this information.This means, that there can be stored everything, probably in worst case also passwords and logins (?) Is there also an easy way to "clean" an already existing swap-partition without deleting it? Or is this being done automatically during logoff/shutdown? How to check this, if there are really no sensitive data left on the harddisk? Posted by ^thehatsrule^ on Jan. 28 2007,16:50
Let me put this into context.Let's take a brand new hard drive, newly partitioned and formatted. We place a file on it. Then we delete it. In reality, the data is still on the hard drive - just that the relevant links in the device's inodes/super block have been erased.
Posted by roberts on Jan. 28 2007,18:44
I suppose that if you really want to scrub the swap partition then you could. It would make your shutdown painfully slow. For example lets assume your swap partition is /dev/hda4 Then for liveCD or frugals unlink and copy /etc/init.d/knoppix-halt from /KNOPPIX As root edit /etc/init.d/knoppix-halt Then look for the line swapoff -a 2>/dev/null and add the following two lines dd /dev/zero /dev/hda4 mkswap /dev/hda4 Now upon shutdown zeroes will be written to the swap partition on /dev/hda4 and upon conclusion the swap signature will be once again installed as it will be needed upon next boot. However, this will be so slow as to be impractical. If you are paranoid about such things, then use boot option noswap, or perhaps carry around a micro usb drive, not flash, with your swap partition or swapfile and use noswap boot option and use /opt/bootlocal.sh for your swapon command. Posted by Key on Jan. 28 2007,19:37
Thanks very much!So the best solution is probably to clean the current existing swap-partitions with the following two commands: > dd /dev/zero /dev/hda4 > mkswap /dev/hda4 ("hda4" only as example, to be named according to the real used swap-partition) And boot with the boot option "noswap", in case high sensitive data will be used in the session. Posted by ^thehatsrule^ on Jan. 28 2007,20:14
Posted by skaos on Jan. 29 2007,12:11
Linux based disk wiper: < http://dban.sourceforge.net/ >You can also use "badblocks -svw /dev/disktowipe" from DSL to overwrite the disk four times. I would guess that overwriting once is good enough. |