Navigation


Opened 10 years ago

Last modified 10 years ago

#28 new defect

Warning: using insecure memory!

Reported by: Sebastien Decugis Owned by: Administrator
Priority: minor Milestone:
Component: framework Version: tip
Keywords: Cc: dev@freediameter.net
Blocked By: Blocking:

Description

Problem seen first here.

It seems that memory used by GNU TLS should be pinned so that it never gets swapped to disk, which would result in a security risk.

Need to investigate how this is achieved / what impact it has on freeDiameter framework.

Change History (1)

comment:1 Changed 10 years ago by Administrator

More information: this warning is issued by the gcrypt library (linked by gnutls) that attempts to mlock() some memory pages to store crypto information there.

With recent Linux kernels (>=2.6.9), this seems to succeeds, even for a normal user.

With older Linux kernels or FreeBSD kernels, the process needs root priviledges to mlock memory. However, when mlock fails, the library issues a warning but uses the memory anyway.

This represents a potential security risk... It will require some additional search for a "clean" solution here.

The problem does not exist when freeDiameter runs as root.

Note: See TracTickets for help on using tickets.