DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD Security

FreeBSD Security Securing FreeBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 28th May 2008
delboy's Avatar
delboy delboy is offline
Fdisk Soldier
 
Join Date: May 2008
Posts: 63
Thanked 0 Times in 0 Posts
Default (ttyv0) message.

In ttyv0 I get this message:
gnome-keyring-daemon[877]couldn't allocate secure memory to keep passwords and or keys from being written to the disk.

I cannot find anything in the handbook or by googling,is it something I should worry about.
Is ttyv0 the right term to use,or does it have another name.
Reply With Quote
  #2   (View Single Post)  
Old 28th May 2008
TerryP's Avatar
TerryP TerryP is offline
Arp Constable
 
Join Date: May 2008
Location: USofA
Posts: 1,547
Thanked 112 Times in 104 Posts
Default

Gnome keyring and KDE KWallet are essentially the same thing (if you are familiar with KDE).


Judging by the message my guess is it can not place the passwords in memory in whatever it defines as a 'secure' place that can't be read or corrupted by other programs.

If it's stored on disk instead of in memory, hopeflly not in $TMPDIR, /tmp, /var/tmp. And stored with a decent encryption algorithm so that access is done by prompting the daemon for it's unencrypted form.

Be worried? Depends on the situation.

The first virtual teletype is a place where a number of system messages go, you can adjust whats sent there with syslog's facilities for it I think.


Which is why I usually use ttyv1 to login from.
__________________
My Journal

Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
Reply With Quote
  #3   (View Single Post)  
Old 28th May 2008
ephemera's Avatar
ephemera ephemera is offline
Knuth's homeboy
 
Join Date: Apr 2008
Posts: 537
Thanked 49 Times in 43 Posts
Default

Quote:
Originally Posted by delboy View Post
In ttyv0 I get this message:
gnome-keyring-daemon[877]couldn't allocate secure memory to keep passwords and or keys from being written to the disk.
i think it means that gnome-keyring-daemon couldn't perform mlock(2) to lock memory pages since mlock(2) requires root privileges. this is probably a security measure. check what user its running as?
Reply With Quote
  #4   (View Single Post)  
Old 29th May 2008
delboy's Avatar
delboy delboy is offline
Fdisk Soldier
 
Join Date: May 2008
Posts: 63
Thanked 0 Times in 0 Posts
Default

ephemera

Thanks for the suggestion,still feeling my way around freeBSD,how would I go about checking mlock(2) privileges.
Reply With Quote
  #5   (View Single Post)  
Old 29th May 2008
ephemera's Avatar
ephemera ephemera is offline
Knuth's homeboy
 
Join Date: Apr 2008
Posts: 537
Thanked 49 Times in 43 Posts
Default

what's the o/p of:
ps -j `pgrep gnome-keyring`
Reply With Quote
  #6   (View Single Post)  
Old 29th May 2008
delboy's Avatar
delboy delboy is offline
Fdisk Soldier
 
Join Date: May 2008
Posts: 63
Thanked 0 Times in 0 Posts
Default

derek# ps -j pgrep gnome-keyring
ps: illegal argument: pgrep
usage: ps [-aCcefHhjlmrSTuvwXxZ] [-O fmt | -o fmt] [-G gid[,gid...]]
[-M core] [-N system]
[-p pid[,pid...]] [-t tty[,tty...]] [-U user[,user...]]
ps [-L]
Reply With Quote
  #7   (View Single Post)  
Old 29th May 2008
ephemera's Avatar
ephemera ephemera is offline
Knuth's homeboy
 
Join Date: Apr 2008
Posts: 537
Thanked 49 Times in 43 Posts
Default

you missed the backticks
Reply With Quote
  #8   (View Single Post)  
Old 29th May 2008
delboy's Avatar
delboy delboy is offline
Fdisk Soldier
 
Join Date: May 2008
Posts: 63
Thanked 0 Times in 0 Posts
Default

ephemera

Sorry I must learn to concentrate a bit more.

derek# ps -j `pgrep gnome-keyring`
USER PID PPID PGID SID JOBC STAT TT TIME COMMAND
derek 871 1 846 846 0 I ?? 0:00.01 /usr/local/bin/gnome-key
Reply With Quote
  #9   (View Single Post)  
Old 29th May 2008
ephemera's Avatar
ephemera ephemera is offline
Knuth's homeboy
 
Join Date: Apr 2008
Posts: 537
Thanked 49 Times in 43 Posts
Default

its not running as root. you could make the program suid but IMO making a program suid thats not been carefully written and audited is a greater risk than someone reading sensitive info paged out to disk.
i would suggest that you ignore the error messages and if it bugs you too much you could disable it via syslog.conf. if you still have any doubts then write to the port maintainer.

Last edited by ephemera; 29th May 2008 at 08:18 PM.
Reply With Quote
Old 29th May 2008
delboy's Avatar
delboy delboy is offline
Fdisk Soldier
 
Join Date: May 2008
Posts: 63
Thanked 0 Times in 0 Posts
Default

derek# ps -j `pgrep gnome-keyring`
USER PID PPID PGID SID JOBC STAT TT TIME COMMAND
derek 871 1 846 846 0 I ?? 0:00.01 /usr/local/bin/gnome-key


Using the quick reply box distorted it a bit,this should be better.
Reply With Quote
Old 29th May 2008
delboy's Avatar
delboy delboy is offline
Fdisk Soldier
 
Join Date: May 2008
Posts: 63
Thanked 0 Times in 0 Posts
Default

ephemera

Thank you kindly for all your help,will take your advice and ignore it.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Last message repeated x times delboy FreeBSD General 6 25th June 2009 10:08 AM
Default message coloration cyril OpenBSD Installation and Upgrading 5 6th June 2009 02:13 PM
shutdown message Mr-Biscuit FreeBSD General 1 16th November 2008 11:59 PM
Message alerts? ocicat Feedback and Suggestions 2 2nd May 2008 03:25 PM


All times are GMT. The time now is 06:22 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick