Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sun, 2006-01-29 at 12:33 +0100, David Härdeman wrote:

> >Why would you want to use proxy certificates for you own use? Use your
> >own certificate for your own processes, and issue one or more proxy
> >certificates to any daemon that you want to authorise to do some limited
> >task.
> 
> I meant that you can't use proxy certs for your own use, so you still need 
> to store your own cert/key somehow...and I still believe that the kernel 
> keyring is the best place...

Agreed. Now, reread what I said above, and tell me why this is an
argument for doing dsa in the kernel?

> >...and what does this statement about "keys being safer in the kernel"
> >mean?
> 
> swap-out to disk, ptrace, coredump all become non-issues. And in 
> combination with some other security features (such as disallowing 
> modules, read/write of /dev/mem + /dev/kmem, limited permissions via
> SELinux, etc), it becomes pretty hard for the attacker to get your 
> private key even if he/she manages to get access to the root account.

Turning off coredump is trivial. All the features that LSM provide apply
to userland too (including security_ptrace()), so the SELinux policies
are not an argument for putting stuff in the kernel.

Only the swap-out to disk is an issue, and that is less of a worry if
you use a time-limited proxy in the daemon.

> >> Further, the mpi and dsa code can also be used for supporting signed 
> >> modules and binaries...the "store dsa-keys in kernel" part adds 376 
> >> lines of code (counted with wc so comments and includes etc are also 
> >> counted)...
> >
> >Signed modules sounds like a better motivation, but is a full dsa
> >implementation in the kernel really necessary to achieve this?
> 
> How would you do it otherwise?

Has anyone tried to look for simpler signing mechanisms that make use of
the crypto algorithms that are already in the kernel?

Cheers,
  Trond

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux