[PATCH v2 0/7] makedumpfile security key filtering with eppic

Vivek Goyal vgoyal at redhat.com
Fri Nov 16 09:59:51 EST 2012


On Fri, Nov 16, 2012 at 04:40:47PM +0530, Aravinda Prasad wrote:

[..]
> > Ok, are these the only places where the key is? Can a copy of it exist in
> > some other buffers? We don't clear these.
> 
> 
> I don't think a copy exists in other places.

I am wondering how ssh works. User's private key is stored in .ssh/
and when authentication with server is happening then we must be signing
something with that private key and most likely it will be in some
buffer somewhere (user space buffer).

> 
> > 
> > Also, if key is the only issue, why not just write this logic in
> > makedumpfile and provide another option, --clear-kernel-keys.
> > 
> > Why introduce such a generic scheme?
> 
> 
> key is not the only issue, it was just an example. There could be other
> things as well (data in socket buffers, device driver buffers, etc)
> which customers may consider sensitive/private and are interested in
> scrubbing.
> 
> Also this is an extension to the already existing generic solution
> implemented in makedumpfile, where rules can be specified using --config
> option. This extension is built on the existing infrastructure and
> provides a more flexible and powerful way to specify the data to be
> scrubbed. For example, scrubbing the keyring data mentioned in one of my
> previous mails would not be possible with --config option.

I am not against building infrastructure to scrub vmcore. I am only
concerned about size bloat of makedumpfile.

Thanks
Vivek


