Re: [RFC][PATCH 8/8] SLIM: documentation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi!

> > > I hope this answered some of your questions.  We're working on
> > > more comprehensive documentation, which we'll post with the next
> > > release.
> > 
> > Do you have examples where this security model stops an attack?
> > 
> > Both my mail client and my mozilla will be UNTRUSTED (because of
> > network connections, right?) -- so mozilla exploit will still be able
> > t osee my mail? Not good. And ssh connects to the net, too, so it will
> > not even protect my ~/.ssh/private_key ?
> 
> I believe it will read your private_key while at a higher level, then
> will be demoted when it access the net.
> 
> Is that right?

Hmm.. you are the security expert here :-). But it still needs private
key while accessing the net.. so even if it does read from
~/.ssh/private_key, first,  what stops mozilla from waiting for
ssh to start talking on the network, and then read the key from ssh's
memory?

Do you have examples where this security model stops an attack?
								Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux