On Sat, Jan 05, 2002 at 10:59:23AM +0000, Jon Masters wrote:
> [OT]
>
> I'm looking at using encrypted swap on a new box soon, anyone here doing
> this? Usually I have to say I don't bother encrypting swap and rely on
> sensitive stuff being mlock()ed :-)
Um, quite what would be the point of this? Do you encrypt the contents of
your RAM? If your machine is being used by other people then they will
be able to read RAM and swap contents if they wish. If you are using
encrypted memory then that would have to be done at a fairly low level:
normally in the kernel in which case it makes no difference - only if
your machine is stolen whilst it is turned off does this kind of
encryption make any difference - it's the same as using encrypted
filesystems: has no bonus whilst the machine is in use as the OS has to
be able to read and write to the medium. Or am I missing something?
> 2.4 has LARGEFILE support and most of the useful simple utils now use
> O_LARGEFILE create flags kludge when handling files...which is useful.
> Anyway, swap is not a regular file and has been handled differently.
I couldn't remember if this was the case or not - I just kept coming across
people having the same problems with enbd and the main developer saying that
it's the large file limit. But then his handling of devfs isn't too bright
either so I think he's still working with 2.2.x kernels...
> > The other thing you might want to try is to use klogd and have it pipe
> > output through nc to another machine.
>
> I'll just use remote syslogging for now I think - serial console should
> log any future panics. I've installed the serial console now (well it's
> there but I'm waiting on adding more serial ports to another box)
Well yes - it probably is easier but only if you've got the hardware to do
it with - I've never even seen a working serial console... :-(
Matthew
--
Matthew Sackman
Nottingham
England
BOFH Excuse Board: waste water tank overflowed onto computer