I'm running Server 10.4.11. User passwords are showing up in the
swapfiles. For reasons best known to itself, Apple has disabled
secure virtual memory in Tiger Server,
No, it's something you chose not to enable. ;)
and I understand that policy has been continued in Leopard.
Leopard is a completely different OS and has a completely different
pager and kernel. It's not that the policy has been discontinued, as
first there never was a policy, but that the OS handles this quite
differently.
My attempts to hack around it haven't been successful; no matter
what I do, I can't get swap encryption to work.
Well you haven't exactly shared how you're "hacking" this, so it's
hard to tell you what you're doing wrong.
When I've raised this issue in discussion forums, the usual
reaction has been that it's not a problem, because the server
should be in a secure location. To save time, let me just say that
I disagree. This is a security hole in the OS.
Only if you've got permissions so munged that you're users can access
these files. Which is not how OS X ships.
I can understand that swap encryption might not be good for server
performance,
In fact it's not. And given that the swapfiles aren't readable by the
users this is a good trade off.
and that might be a reason not to enable it by default; but it's
not a reason to give the administrator no choice in the matter.
Which is why you do have a choice.
My questions are: Is there an unsupported way to enable secure VM
is Tiger Server? What about Leopard Server?
No, there's not an "un"supported/ way ;)
ENCRYPTSWAP=-YES-
-dhan
------------------------------------------------------------------------
Dan Shoop
Computer Scientist
iWiring / U.S. Technical Services
