grub-devel

Re: [PATCH] erase variable data on user unset


From: Isaac Dupree
Subject: Re: [PATCH] erase variable data on user unset
Date: Sun, 10 Feb 2008 16:31:51 -0500
User-agent: Thunderbird 2.0.0.6 (X11/20071022)

Robert Millan wrote:
> On Sun, Feb 10, 2008 at 03:00:31PM -0500, Isaac Dupree wrote:
>> Robert Millan wrote:
>>> On Sun, Feb 10, 2008 at 01:00:50PM -0500, Isaac Dupree wrote:
>>>> anyway if a hash is used that takes (by design) around one second on the machine (e.g. sha256 repeated thousands? millions? of times), then I suppose the time taken to erase the memory used by GRUB would be trivial in comparison, assuming (rightly or wrongly) a good implementation...
>>> The problem is not time, it's just to find the right way to do it.
>> yeah. probably involves thinking about GRUB's allocation and deallocation mechanisms, which I don't know anything about and don't have time to investigate :-/
>
> This should address your concern.  As to why I propose to put this in unset
> command rather than kernel, since GRUB itself doesn't have any mechanisms
> where a variable would contain sensible information, I think it's better to
> protect user variables only.

okay, is the idea that the script should explicitly unset sensitive variables, or are they all automatically unset upon boot? (if "unset" command is loaded?)

Anyway, thanks for looking into this!

-Isaac



