public inbox for linux-pm@vger.kernel.org
From: Nigel Cunningham <ncunningham@crca.org.au>
To: Jonathan Brossard <jonathan@iviztechnosolutions.com>
Cc: ncunningham@users.sourceforge.net, chabaud@users.sourceforge.net,
	bernardb@users.sourceforge.net, seasons@users.sourceforge.net,
	techteam@ivizindia.com,
	"CERT(R) Coordination Center" <cert@cert.org>,
	mhfl@users.sourceforge.net,
	linux-pm <linux-pm@lists.linux-foundation.org>,
	Jonathan Brossard <jonathan@ivizindia.com>
Subject: Re: Vulnerability in Software Suspend 2 (all versions)
Date: Mon, 28 Jul 2008 18:58:01 +1000
Message-ID: <1217235481.8430.124.camel@nigel-laptop>
In-Reply-To: <488D8853.7080907@iviztechnosolutions.com>

Hi again.

On Mon, 2008-07-28 at 14:20 +0530, Jonathan Brossard wrote:
> Dear Nigel,
> 
> >This is not a bug in TuxOnIce (or for that matter other Linux
> >hibernation implementations, which would have the same issue).
> 
> Yes it is.
> 
> >TuxOnIce has no way to know what running applications have passwords
> >stored in memory or whether they are storing them in an encrypted format
> >or not. Bugs should be filed against applications that are storing
> >passwords in plain text.
> 
> We are talking about the password of tuxonice itself here...

TuxOnIce itself doesn't have any password support. Do you mean a
password for encrypted swap or such like?

> Please boot a computer using tuxonice, go for hibernation,
> reboot, and then type this (as root) :
> 
> xxd -l 32 -s 0x041e  /dev/mem
> 
> 
> >By the way, these contact email addresses are grossly out of date. For
> >TuxOnIce, the contact is nigel@tuxonice.net. For swsusp and uswsusp
> >(which would have the same problem), refer to linux-pm@lists.osdl.org.
> 
> I did my best to find one on the site's website and ended up
> taking those of sourceforge.

Hmm, you're right there. I'll address that shortly.

Regards,

Nigel


Thread overview: 11+ messages
     [not found] <488D821D.5060603@iviztechnosolutions.com>
     [not found] ` <488D8449.2010006@iviztechnosolutions.com>
2008-07-28  8:48   ` Vulnerability in Software Suspend 2 (all versions) Nigel Cunningham
2008-07-28  8:50     ` Jonathan Brossard
2008-07-28  8:58       ` Nigel Cunningham [this message]
2008-07-28  8:59         ` Jonathan Brossard
2008-08-09 13:49           ` florent.chabaud
2008-08-09 23:53             ` Jonathan Brossard
2008-08-18  7:01             ` Jonathan Brossard
     [not found] ` <1217234068.8430.108.camel@nigel-laptop>
     [not found]   ` <488D86BB.1050500@iviztechnosolutions.com>
2008-07-28  8:52     ` Nigel Cunningham
2008-07-28  8:56       ` Jonathan Brossard
2008-07-28  9:40         ` Nigel Cunningham
2008-07-28 22:46           ` Rafael J. Wysocki
