desktop-packages team mailing list archive

Thread
Date

Re: [Bug 1224724] [NEW] Option to overwrite encryption key in memory on locking

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Jamie Zawinski <jwz@xxxxxxx>
Date: Fri, 02 Jan 2015 19:49:26 -0000
Reply-to: Bug 1224724 <1224724@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This is an issue for the PAM stack, not for xscreensaver.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to xscreensaver in Ubuntu.
https://bugs.launchpad.net/bugs/1224724

Title:
  Option to overwrite encryption key in memory on locking

Status in xscreensaver package in Ubuntu:
  New

Bug description:
  I'm using Ubuntu 13.10 dev with xscreensaver 5.15-3ubuntu1. If the
  filesystem is encrypted (for example with ecryptfs) and the screen is
  locked the encryption key still resides in memory. Anybody with
  physical access could make a cold boot attack to get this key. The
  only solution is to logout from all instances so that the encryption
  key gets overriden.

  xscreensaver could provide an option to override this key too on
  locking the screen. The key will then be recovered if the user unlocks
  the screen with entering his password. But this has one disadvantage:
  As the user session is still open any running application could try to
  access the non-readable-anymore user directory. Normally nothing
  special should happen but applications with programming errors could
  crash. But if this happens it will be resolved in the future.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xscreensaver/+bug/1224724/+subscriptions