I'm running Server 10.4.11. User passwords are showing up in the
swapfiles. For reasons best known to itself, Apple has disabled
secure virtual memory in Tiger Server, and I understand that policy
has been continued in Leopard. My attempts to hack around it haven't
been successful; no matter what I do, I can't get swap encryption to
work.
When I've raised this issue in discussion forums, the usual reaction
has been that it's not a problem, because the server should be in a
secure location. To save time, let me just say that I disagree. This
is a security hole in the OS.
Swapfile encryption is disabled on the Server versions of the OS
because it involves a significant performance hit in serving files
over the network. A client computer tends to handle a limited amount
of data at one time (unless you're editing video) so it doesn't need
to thrash virtual memory often. Serving a lot of different files to a
lot of different users tends to involve handling a large amount of
data at one time, and constantly thrashing the available memory to do
it. With encryption on this involves a great deal of encrypting and
decrypting.
The protection on your swapfiles is in fact greater than the
protection of the files (actually it's a nest of directories) where
the passwords really live. If some cracker C has access to the
swapfiles then they also have access to the LDAP storage for your
server. So there's no huge advantage to encrypting virtual memory if
all you're worried about is protection of your user's account passwords.
If you are still concerned after reading this, isolate your services:
make sure that your authentication server is not the same computer as
your web server or your file server.
Simon
--
Simon Slavin Fylde Building Room C11
Computing Development Officer 01524 65201 x 93569
Psychology Department
University of Lancaster
