touch-packages team mailing list archive

[Bug 1224724] Re: Option to overwrite encryption key in memory on locking

** Also affects: pam (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/1224724

Title:
  Option to overwrite encryption key in memory on locking

Status in pam package in Ubuntu:
  New
Status in xscreensaver package in Ubuntu:
  New

Bug description:
  I'm using Ubuntu 13.10 dev with xscreensaver 5.15-3ubuntu1. If the
  filesystem is encrypted (for example with ecryptfs) and the screen is
  locked, the encryption key still resides in memory. Anybody with
  physical access could make a cold boot attack to get this key. The
  only solution is to log out from all instances so that the encryption
  key gets overridden.

  xscreensaver could provide an option to override this key too on
  locking the screen. The key will then be recovered if the user unlocks
  the screen by entering his password. But this has one disadvantage:
  As the user session is still open, any running application could try to
  access the non-readable-anymore user directory. Normally nothing
  special should happen, but applications with programming errors could
  crash. But if this happens it will be resolved in the future.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/1224724/+subscriptions