Your running programs, open files, and other data your Mac is actively working with are stored in this physical memory. While your Mac only has a limited amount of physical memory, it exposes a larger area of available virtual memory to running programs. Applications are free to use as much memory as they want within these limitations. This is basically the same thing as the page file on Windows , and the swap space on Linux and other UNIX-like operating systems. Modern versions of macOS actually go through even more trouble to avoid paging out data to the disk, compressing data stored in memory as much as possible before paging it out.
Most UNIX-like operating systems use a separate partition for the swap file, permanently allocating part of your storage to swap space.
Instead, it stores the swapfile files on your system storage drive. This allows the Mac to save its state—including all your open applications and files—while shutting down and not using any power. To view the contents of this directory and see how much space these files are currently using on disk, you can open a Terminal window and run the following command. The macOS operating system and running applications expect it to be enabled.
However, it is technically possible to disable the backing store—that is, those swapfiles on disk—on macOS. The macOS operating system and the applications running on it expect the virtual memory system to work properly. Yes, even if you have 16 GB or more of RAM, it may sometimes fill up—especially if you run demanding professional applications like video, audio, or image editors that need to store a lot of data in memory.
Leave it alone. There are two reasons why people might want to disable the virtual memory feature and remove the swapfile files from disk. First, you may be concerned about disk space usage. You may want to get rid of these files to free up some space. Try closing demanding programs—or even rebooting—and the swapfile files should shrink and stop using space. Many people are worried that excess writes to a solid-state drive could reduce its lifespan and cause problems.
This is why the military developed the Tempest enclosure; it prevents physical access to all but the keyboard and mouse. Almost :- Tempest-rated enclosures are designed to keep out non-physical access to your system.
That is, they prevent someone from being able to intercept the RF signals put out by your system by having really tight sheilding. The reason that this is a problem is that sophisticated snoopers can 'see' what you are doing on your system by analyzing the RF it puts out. As far as the military is concerned, keeping a handle on physical access is what twitchy 18yr olds with M16s are for Your system will not die a horrible death. I have tested using No vm swap on numerous systems for several weeks now.
At worst you may get a beach ball when you try and open many many things at once It depends on how much RAM your machine has. As I said in the above hint this is for people who require more security than the current level of OSX default installation. For those who can not tolerate the fact that their Login and FileVault and Keychain passwords re there for the easy pickings to anyone that can has physical access to there machine or who roots it through a remote exploit!
Your fantasy of security is slightly off centre. If the window server cannot malloc memory, then it will freeze. Once it has froze, you can ssh in and start killing things to free memory, but then you lose unsaved work. If you can't free enough to un-freeze the window server, then its dead. If someone roots your machine through some yet-to-be-discovered remote exploit that you have left on your machine even after a patch is released which would happen within days , then they have access to the kernel and can grab passwords from memory, forget the swap file.
If someone has root, then you're screwed. If your fantasy of keeping passwords off disk makes you feel special, then by all means go for it, it will only prevent you from working efficiently.
Recommending that others do it is irresponsible. I have tried the grepping for password trick and it is particularly disturbing that my password showed up a dozen times, since then I have made sure that my login password and the root if you make the mistake to enable root password are different from all my other passwords and have discovered that I am unable to find my password in memory.
I do not know if this is sufficient proof that this "hole" is not as bad as you pretend, but it is does mean that there is almost no way for someone to crack my passwords, assuming that they can somehow get root to see my swap files anyway.
Go check out John the Ripper, it might bother you sufficiently to go delete your hard drive to make sure your passwords are safe. JP Pell. Sorry about that. I was under the impression it was for physical access. They have other enclosures that keep people away from switches, connectors, floppy drives, etc. This is why OpenBSD encrypts its swap. One can hope that Apple will at least offer the option to encrypt swap at some point in the future. About a month ago there was a discussion on macintouch.
It is erasing all pass phrases from memory directly after using them which should prevent them from ending up in a swap file. While PGP disk works great and I definately reccomnend it as a better replacement to those using FileVault swap on or not. Using PGP Vault does still not adress all the other security concerns with using vm swap. Keychain login passwords and more are all written to swap plain text. Previous Node.
Next Node. Recommended Articles. Article Contributed By :. Easy Normal Medium Hard Expert. Writing code in comment? Please use ide. Load Comments. Do I have to manually delete that file? Add a comment. Active Oldest Votes. To avoid an error on startup regarding dphys service, try to disable swap on this way: sudo dphys-swapfile swapoff sudo dphys-swapfile uninstall sudo update-rc.
Improve this answer. Feriman Feriman 2 2 silver badges 4 4 bronze badges. How exactly is it better than the other suggestions? DmitryGrigoryev, the other solution leave errors on startup. It doesn't. Explaining that your solution avoids startup errors and perhaps saying which ones would make your answer much better than just claiming it's "the best way".
DmitryGrigoryev, you're right, I edited my answer. I used to use sudo update-rc.
0コメント