On Wed, Apr 22, 2009 at 12:14:14PM -0400, Eric Brackenbury wrote:
> So are machines with large RAM and no swap
> partition more secure then?
> Logic says it should be BUT! there can always be a but can't there, who
> knows if there is one in this case?

It might be more secure from one perspective. But then you might run into an out-of-memory (OOM) condition causing an application to be killed and you lose data.

An encrypted swap is easy to set up and mitigates the vulnerability. In Ubuntu and Debian you need the cryptsetup package.

Stop swap

    $ sudo swapoff -a

Add a line to /etc/crypttab

    cswap /dev/Swap-Partition /dev/random swap

Start cryptdisks

    $ sudo /etc/init.d/cryptdisks restart

Edit /etc/fstab to use /dev/mapper/cswap as the swap partition

Start swap

    $ sudo swapon -a

Done.

I would not be surprised if Suse and Red Hat were the same or very similar.

The downside to the above is that you can no longer "hibernate" or hardware-suspend. However, if you use root and swap on LVM on an encrypted disk you can (at least with Debian, Ubuntu, and derivatives). That is the setup I use on laptops. Setting that up is an install option for Debian and Ubuntu. I don't know about others. You can refit a system to use LVM on an encrypted disk but it is hard enough that I just reinstall.

--
sg
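
A way to audit the result of the steps in the message above, as an added example that is not part of the original post: the shell function below (hypothetical name `check_encrypted_swap`) reads a crypttab and an fstab and fails if any swap entry in fstab is not a `/dev/mapper/` name that crypttab sets up with the `swap` option. The sample files are constructed and reuse the message's `cswap` and `/dev/Swap-Partition` placeholders.

```shell
#!/bin/sh
# Added example (not from the original message).
# Usage: check_encrypted_swap <crypttab> <fstab>
# Prints one line per swap entry in fstab; returns non-zero if any entry
# is not a /dev/mapper/<name> that crypttab maps with the "swap" option.
# An fstab with no swap entries at all passes with no output.
check_encrypted_swap() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
        FILENAME == ARGV[1] {                # crypttab: name device key options
            if (NF >= 4 && $4 ~ /(^|,)swap(,|$)/) swapmap[$1] = $3
            next
        }
        $3 == "swap" {                       # fstab rows whose type is swap
            name = $1
            sub(/^\/dev\/mapper\//, "", name)
            if ($1 ~ /^\/dev\/mapper\// && (name in swapmap)) {
                printf "OK   %s (key source %s)\n", $1, swapmap[name]
            } else {
                printf "FAIL %s is not a crypttab swap mapping\n", $1
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1" "$2"
}

# Constructed sample files, not taken from a real host.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
: > "$tmp/crypttab.empty"
printf '%s\n' '# <name> <device> <key> <options>' \
    'cswap /dev/Swap-Partition /dev/random swap' > "$tmp/crypttab"
printf '%s\n' '/dev/mapper/cswap none swap sw 0 0' > "$tmp/fstab.good"
printf '%s\n' '/dev/Swap-Partition none swap sw 0 0' > "$tmp/fstab.plain"

# After the steps in the message: fstab points at the mapped device.
check_encrypted_swap "$tmp/crypttab" "$tmp/fstab.good" || echo "audit failed"
# fstab was never edited: swap still goes to the raw partition.
check_encrypted_swap "$tmp/crypttab" "$tmp/fstab.plain" || echo "audit failed"
```

On a real system the arguments would be `/etc/crypttab` and `/etc/fstab`.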