Re: [PATCH 0/12: eCryptfs] eCryptfs version 0.1

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 21 Nov 2005, Michael Halcrow wrote:

> I think you brought up two categories of potential security
> vulnerabilities.

> The first has to do with the theoretical security of
> the algorithms -- do the encrypted files really have the attribute
> such that decrypting the files without the proper key is
> computationally infeasible? This is the job for the cryptographers to
> confront.
> 
> The other category has to do with ``exploits''; I assume you are
> talking about -- for instance -- malicious files that are able to
> circumvent the intended behavior of the code. Such vulnerabilities may
> coerce the filesystem to dump the secret key out to an insecure
> location. This is an extension of the general ``correctness'' problem
> that can be an issue with any code. I would say that this is the job
> of the engineers to help prevent. It basically involves verification
> that eCryptfs is handling all of its memory correctly (i.e., via data
> and control flow analysis).

There's a third important category: the design of the _system_.

(Which you end up discussing somewhat further in the email).

It would be great to have a document which describes the design of the 
system and includes a comprehensive security analysis.


- James
-- 
James Morris
<[email protected]>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux