Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library

On Sat, Jan 28, 2006 at 11:37:51AM -0500, Trond Myklebust wrote:

On Sat, 2006-01-28 at 11:46 +0100, David Härdeman wrote:
Not necessarily, if you have your ssh-keys in ssh-agent, a compromise ofyour account (forgot to lock the screen while going to the bathroom?did the OOM-condition occur which killed the program which locks thescreen? remote compromise of the system? local compromise?) means that a largearray of attacks are possible against the daemon.
In addition, as stated before, the "backup" account, or whatever user thedaemon which wants to sign stuff with your key is running as, might becompromised.
Currently, if you want to give the daemon access to the keys viassh-agent (or something similar), you have to change the permissions onthe ssh-agent socket to be much less restricted (especially since it'sunlikely that you have permission to change the uid or gid of the socketto that of the daemon). Alternatively you can provide the backup daemonwith the key directly (via fs, or loaded somehow at startup...etc), butthen a compromise of the daemon means that the attacker has the privatekey.
Finally, the in-kernel system also provides a mechanism for the daemonto request the key when it is needed should it realize that the properkey is missing/has changed/whatever.
Then fix ssh, not the kernel. As I said before, this is a problem that
has been solved entirely in userspace by means of proxy certificates:
they allow the user to issue time-limited certificates that are signed
by the original certificate (hence can be authenticated as such), and
that authorise a service to do a specific thing.

What about the first paragraph of what I wrote? You are going to want tokeep often-used keys around somehow, proxy certificates is not asolution for your own use of your personal keys and with the exceptionof hardware solutions such as smart cards, the keys will be safer in thekernel than in a user-space daemon...

Further, the mpi and dsa code can also be used for supporting signedmodules and binaries...the "store dsa-keys in kernel" part adds 376lines of code (counted with wc so comments and includes etc are alsocounted)...

Regards,
David
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Follow-Ups:
- Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library
  - From: Trond Myklebust <trond.myklebust@fys.uio.no>

References:
- Re: [PATCH 01/04] Add multi-precision-integer maths library
  - From: Christoph Hellwig <hch@infradead.org>
- [PATCH 00/04] Add DSA key type
  - From: David Härdeman <david@2gen.com>
- [PATCH 01/04] Add multi-precision-integer maths library
  - From: David Härdeman <david@2gen.com>
- Re: [PATCH 01/04] Add multi-precision-integer maths library
  - From: David Howells <dhowells@redhat.com>
- Re: [PATCH 01/04] Add multi-precision-integer maths library
  - From: David Härdeman <david@2gen.com>
- Re: [PATCH 01/04] Add multi-precision-integer maths library
  - From: Adrian Bunk <bunk@stusta.de>
- Re: [PATCH 01/04] Add multi-precision-integer maths library
  - From: David Härdeman <david@2gen.com>
- Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library
  - From: Trond Myklebust <trond.myklebust@fys.uio.no>

Prev by Date: [RFC: 2.6 patch] DVB: remove the at76c651/tda80xx frontends
Next by Date: Re: RCU latency regression in 2.6.16-rc1
Previous by thread: Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library
Next by thread: Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]