| 1 |
On Sat, Jan 23, 2016 at 12:17 PM, Mick <michaelkintzios@×××××.com> wrote: |
| 2 |
> I would have thought SSL certificates/keys would be protected in RAM, but if |
| 3 |
> you have a Man-In-The-Browser attack I guess they wouldn't be. |
| 4 |
> |
| 5 |
|
| 6 |
As far as I'm aware linux doesn't do anything to protect process RAM |
| 7 |
from other processes with the same UID, at least not without SELinux |
| 8 |
and such. But, I could be wrong on that. I'd expect that malware |
| 9 |
running under your uid or of course as root could read your browser's |
| 10 |
RAM. |
| 11 |
|
| 12 |
-- |
| 13 |
Rich |
Archives