PerlMonks  

Re: Is data in RAM insecure, or am I just paranoid?

by jdalbec (Deacon)
on Jul 16, 2004 at 03:42 UTC


in reply to Is data in RAM insecure, or am I just paranoid?

I think the data in RAM is secure as long as your process has the RAM allocated to it. At least that's how it works in Linux. Not sure about Windows.

Once you free the RAM, other processes can potentially be allocated that same RAM and get access to the data in it. The usual defense against this is to write binary zeros over the sensitive data before freeing that section of memory. I'm not sure how to do this reliably in Perl, though.

Another potential risk is that the sensitive data will be swapped out to disk by the virtual memory system. Linux has a way of locking memory pages so they can't be swapped out (but the program has to be setuid root). I vaguely recall some setting in Windows that erases the VM file on shutdown. I think that would offer some protection against this risk.
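
The two defenses described in the post above (lock the pages so they stay out of swap, and overwrite the data with zeros before freeing it), shown in C for Linux as an added example that is not part of the original thread. The names `secret_buf`, `secret_alloc`, `secret_free`, `secure_wipe` and the sample passphrase are constructed for illustration, and the code says nothing about copies Perl itself may keep of a scalar.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef struct { unsigned char *data; size_t len; int locked; } secret_buf;

/* Store zeros through a volatile pointer so the compiler cannot discard
 * the writes as dead stores just because free() follows. */
static void secure_wipe(void *buf, size_t len) {
    volatile unsigned char *p = buf;
    while (len--) *p++ = 0;
}

/* Page-aligned allocation, then try to pin the pages so they are not swapped. */
static int secret_alloc(secret_buf *s, size_t want) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    void *p = NULL;
    s->len = (want + page - 1) / page * page;   /* round up to whole pages */
    if (posix_memalign(&p, page, s->len) != 0) return -1;
    s->data = p;
    s->locked = (mlock(p, s->len) == 0);  /* can fail: privilege or RLIMIT_MEMLOCK */
    return 0;
}

/* Wipe first, then unlock and release, so the allocator never sees the secret. */
static void secret_free(secret_buf *s) {
    secure_wipe(s->data, s->len);
    if (s->locked) munlock(s->data, s->len);
    free(s->data);
    s->data = NULL;
}

/* Returns how many non-zero bytes survive the wipe (0 expected), -1 on error. */
static int demo(void) {
    /* Constructed sample; a real secret would be read straight into s.data. */
    const char sample[] = "constructed-sample-passphrase";
    secret_buf s; int left = 0;
    if (secret_alloc(&s, sizeof sample) != 0) return -1;
    if (!s.locked) perror("mlock failed, buffer may reach swap");
    memcpy(s.data, sample, sizeof sample);
    secure_wipe(s.data, s.len);
    for (size_t i = 0; i < s.len; i++) left += (s.data[i] != 0);
    secret_free(&s);
    return left;
}

int main(void) { return demo() == 0 ? 0 : 1; }
```

The wipe only covers this one buffer: any copy made before it (a stack temporary, an I/O buffer, a string literal in the binary) is untouched.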

Re^2: Is data in RAM insecure, or am I just paranoid?
by chromatic (Archbishop) on Jul 16, 2004 at 05:09 UTC
    I think the data in RAM is secure as long as your process has the RAM allocated to it. At least that's how it works in Linux.

    ... if you trust the kernel, any loaded modules, and any program with read access to /proc/kmem.

Re^2: Is data in RAM insecure, or am I just paranoid?
by lhoward (Vicar) on Jul 16, 2004 at 12:49 UTC
    Data in RAM isn't as secure as it seems. Even if you never store a piece of data on disk, it can end up on disk as part of your swapfile for months and years if the page in memory it's in happens to be swapped out. Perl variables (I believe) also do not guarantee erasure. Even simply reassigning the value of a variable or undefing it does not guarantee that its previous value is gone from memory. This problem just gets worse when you're dealing with more complicated Perl constructs (hashes and arrays).
    $a=qw{foo}; $a=qw{bar};
    "foo" may still exist in memory somewhere L
