1 |
On Sat, Jan 23, 2016 at 12:17 PM, Mick <michaelkintzios@×××××.com> wrote: |
2 |
> I would have thought SSL certificates/keys would be protected in RAM, but if |
3 |
> you have a Man-In-The-Browser attack I guess they wouldn't be. |
4 |
> |
5 |
|
6 |
As far as I'm aware linux doesn't do anything to protect process RAM |
7 |
from other processes with the same UID, at least not without SELinux |
8 |
and such. But, I could be wrong on that. I'd expect that malware |
9 |
running under your uid or of course as root could read your browser's |
10 |
RAM. |
11 |
|
12 |
-- |
13 |
Rich |