 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
|||||||||
|
|||||||||
|
|
||||||||
|
|||||||||
08-14-2006, 02:01 AM
|
||||
|
||||
MAC SECURITY ISSUE! all passwords in cleartext !! :D
3.9 Clear Text Passwords in Swap File
Apple’s Security Framework does not use mlock() or equivalent to prevent passwords to be swapped to disk. Therefore it is likely, that user passwords and other passwords from the Keychain will be written to the swap file in clear text. You can verify this on your own Mac by typing: sudo strings /var/vm/swapfile0 |grep -A 4 -i longname longname Sart password XXXXX... (xxxxx... means password in clear text) shell -- longname ogin.done XTUM password XXXXX... -- longname XTUM password XXXXX... XTUM Last edited by aRt; 08-14-2006 at 02:03 AM.         
|
|
08-14-2006, 03:43 PM
|
|||
|
|||
There is a reason why only root has access to the swapfile. This problem exists on any platform, I think, as long as the swapfile is not encrypted.
Probably system passwords can be prevented from being swapped out, but any application which holds passwords is prone to be swapped out anyway.
|
| Sponsored links Remove advertisements | |
|
|
|
|
 |
| Bookmarks |
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| MacRumors: Apple Addresses Security Issue in Safari 3.1.2 for Windows | hackint0sh | Latest Headlines | 0 | 06-20-2008 01:20 AM |
| MacNN: Security Update fixes Aperture 2.0 print issue | hackint0sh | Latest Headlines | 0 | 03-27-2008 12:10 AM |
| [Negative Black] Possible methods of fixing this goddamn issue... | Salmon-Face | General | 10 | 03-24-2008 12:21 AM |
| WiFi hotspot security (lack of) and VPN on the iPhone | nematodirus | General | 1 | 12-17-2007 08:08 PM |
| Xtreme OS X Security | bofors | Using Leopard | 56 | 04-07-2007 02:21 PM |
|
|
Linear Mode
