| Title: | DIGITAL UNIX�(FORMERLY KNOWN AS DEC OSF/1) |
| Notice: | Welcome to the Digital UNIX Conference |
| Moderator: | SMURF::DENHAM |
| Created: | Thu Mar 16 1995 |
| Last Modified: | Fri Jun 06 1997 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 10068 |
| Total number of notes: | 35879 |
Hi, Is it possible to prevent certain information from being dumped when a system crashes? There are a few 3.2.G based AS 400 that are used as X.400 gateways. These are loaded with some encrypted keys that are used in the transaction routines. The customer is concerned that when a system dump takes place, it should not reveal the keys. Anyone know how to do this? We have built the kernel without the KDEBUG option. Is this a good idea or are there negative impacts to this? The customer is highly concerned about security and does not want passwords or keys revealed in a dump. BTW - the system has C2 activated with only <5 users. Are there any other items that we should remove from the system that would hinder people from debugging the kernel? We have not installed the C compiler, but have not checked to see if DBX is loaded by default. Thanks, Arjo
| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 9798.1 | Readable (80 column) version of base note | SMURF::PBECK | Paul Beck | Tue May 13 1997 13:31 | 30 |
<<< Note 9798.0 by GENIE::MUKHERJEE >>>
-< Refrainf from dumping all information on 3.2.G >-
Hi,
Is it possible to prevent certain information from being dumped when a
system crashes?
There are a few 3.2.G based AS 400 that are used as X.400 gateways. These
are loaded with some encrypted keys that are used in the transaction
routines. The customer is concerned that when a system dump takes place, it
should not reveal the keys.
Anyone know how to do this?
We have built the kernel without the KDEBUG option. Is this a good idea or
are there negative impacts to this?
The customer is highly concerned about security and does not want passwords
or keys revealed in a dump. BTW - the system has C2 activated with only <5
users.
Are there any other items that we should remove from the system that would
hinder people from debugging the kernel? We have not installed the C
compiler, but have not checked to see if DBX is loaded by default.
Thanks,
Arjo
| |||||
| 9798.2 | Make the dump as secure as the memory. | WTFN::SCALES | Despair is appropriate and inevitable. | Tue May 13 1997 23:01 | 12 |
.1> Is it possible to prevent certain information from being dumped when a .1> system crashes? I doubt it. However, it should be possible to ensure that the dump itself is secure. Perhaps I'm missing something major, but it seems like if you can control access to the system, then you've won the battle. (I.e., normal security precautions about limiting root access should suffice, no??) Webb | |||||