I'm running Server 10.4.11. User passwords are showing up in the
swapfiles. For reasons best known to itself, Apple has disabled
secure virtual memory in Tiger Server, and I understand that policy
has been continued in Leopard. My attempts to hack around it haven't
been successful; no matter what I do, I can't get swap encryption to
work.
When I've raised this issue in discussion forums, the usual reaction
has been that it's not a problem, because the server should be in a
secure location. To save time, let me just say that I disagree. This
is a security hole in the OS. I can understand that swap encryption
might not be good for server performance, and that might be a reason
not to enable it by default; but it's not a reason to give the
administrator no choice in the matter.
The occurrences of passwords in the swapfiles take the following form:
This seems to be related to FileVault, which I use for the admin
account. Of course, since it's the admin password that's in the
swapfiles, FileVault is useless.
The writing of the password to disk isn't the only issue, needless to
say. Potentially, any encrypted data could leak out by the same
mechanism.
My questions are: Is there an unsupported way to enable secure VM in
Tiger Server? What about Leopard Server?
Thanks in advance for replies.
Macos-x-server mailing list (email@hidden)