I'm running Server 10.4.11. User passwords are showing up in the
swapfiles. For reasons best known to itself, Apple has disabled
secure virtual memory in Tiger Server,
No, it's something you chose not to enable. ;)
No, it isn't.
When I've raised this issue in discussion forums, the usual
reaction has been that it's not a problem, because the server
should be in a secure location. To save time, let me just say that
I disagree. This is a security hole in the OS.
Only if you've got permissions so munged that you're users can
access these files. Which is not how OS X ships.
This is the sort of misconception I don't want to waste time on. What
do you think secure virtual memory is for? An attacker who has
physical access to the host can read any unencrypted file, regardless
of permissions.
I can understand that swap encryption might not be good for server
performance,
In fact it's not. And given that the swapfiles aren't readable by
the users this is a good trade off.
That's for the administrator to decide. For me, it's not a good
tradeoff.
and that might be a reason not to enable it by default; but it's
not a reason to give the administrator no choice in the matter.
Which is why you do have a choice.
No, I don't.
My questions are: Is there an unsupported way to enable secure VM
is Tiger Server? What about Leopard Server?
No, there's not an "un"supported/ way ;)
ENCRYPTSWAP=-YES-
That was, of course, the first solution I tried. If you have access
to Tiger Server, you can easily verify that it doesn't work, as other
people have done who held the same opinion. Setting that variable in
hostconfig causes /etc/rc to pass the -E option to dynamic_pager(8).
The option is ignored. I can recover passwords and other clear text
from swapfile1 (not swapfile0) despite
To repeat: setting ENCRYPTSWAP=-YES- has NO EFFECT in Tiger Server,
except possibly on swapfile0. Please don't quote the man page. Try it
yourself if you don't believe me.
