From: Dax Kelson <dax@gurulabs.com>
To: "Trond Myklebust" <trond.myklebust@fys.uio.no>,
" \"David Härdeman\"" <david@2gen.com>
Cc: "Christoph Hellwig" <hch@infradead.org>, <keyrings@linux-nfs.org>,
<linux-kernel@vger.kernel.org>, "Adrian Bunk" <bunk@stusta.de>
Subject: Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library
Date: Sun, 29 Jan 2006 11:49:24 -0700 [thread overview]
Message-ID: <406-SnapperMsg827D11E1C002BEC0@[70.7.65.98]> (raw)
In-Reply-To: <1138552702.8711.12.camel@lade.trondhjem.org>
..... Original Message .......
On Sun, 29 Jan 2006 11:38:22 -0500 "Trond Myklebust" <trond.myklebust@fys.uio.no> wrote:
>On Sun, 2006-01-29 at 12:33 +0100, David Härdeman wrote:
>
>> >Why would you want to use proxy certificates for you own use? Use your
>> >own certificate for your own processes, and issue one or more proxy
>> >certificates to any daemon that you want to authorise to do some limited
>> >task.
>>
>> I meant that you can't use proxy certs for your own use, so you still need
>> to store your own cert/key somehow...and I still believe that the kernel
>> keyring is the best place...
>
>Agreed. Now, reread what I said above, and tell me why this is an
>argument for doing dsa in the kernel?
>
>> >...and what does this statement about "keys being safer in the kernel"
>> >mean?
>>
>> swap-out to disk, ptrace, coredump all become non-issues. And in
>> combination with some other security features (such as disallowing
>> modules, read/write of /dev/mem + /dev/kmem, limited permissions via
>> SELinux, etc), it becomes pretty hard for the attacker to get your
>> private key even if he/she manages to get access to the root account.
>
>Turning off coredump is trivial. All the features that LSM provide apply
>to userland too (including security_ptrace()), so the SELinux policies
>are not an argument for putting stuff in the kernel.
>
>Only the swap-out to disk is an issue, and that is less of a worry if
>you use a time-limited proxy in the daemon.
I seem to remember a feature in the kernel that allows each uid to mlock a small number of memory pages specifically intended to be used by daemons that cache keys. It is possible this was a Fedora kernel patch and not in the mainline kernel.
>> >> Further, the mpi and dsa code can also be used for supporting signed
>> >> modules and binaries...the "store dsa-keys in kernel" part adds 376
>> >> lines of code (counted with wc so comments and includes etc are also
>> >> counted)...
>> >
>> >Signed modules sounds like a better motivation, but is a full dsa
>> >implementation in the kernel really necessary to achieve this?
>>
>> How would you do it otherwise?
>
>Has anyone tried to look for simpler signing mechanisms that make use of
>the crypto algorithms that are already in the kernel?
Maybe you meant something else, but history has shown that 'rolling your own' mechanism is a bad idea.
Are there even any suitable algorithms in the kernel??
___
Dax Kelson
Sent with my Treo
next prev parent reply other threads:[~2006-01-29 18:49 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-01-26 21:58 [PATCH 00/04] Add DSA key type David Härdeman
2006-01-26 21:58 ` [PATCH 03/04] Add encryption ops to the keyctl syscall David Härdeman
2006-01-26 21:58 ` [PATCH 02/04] Add dsa crypto ops David Härdeman
2006-01-26 21:58 ` [PATCH 01/04] Add multi-precision-integer maths library David Härdeman
2006-01-27 9:28 ` Christoph Hellwig
2006-01-27 20:07 ` David Howells
2006-01-27 20:41 ` David Härdeman
2006-01-27 22:19 ` [Keyrings] " Trond Myklebust
2006-01-27 23:35 ` Kyle Moffett
2006-01-28 0:27 ` Adrian Bunk
2006-01-28 3:45 ` Trond Myklebust
2006-01-28 7:17 ` Kyle Moffett
2006-01-28 10:39 ` Adrian Bunk
2006-01-28 0:22 ` Adrian Bunk
2006-01-28 10:46 ` David Härdeman
2006-01-28 13:03 ` Adrian Bunk
2006-01-28 17:09 ` David Härdeman
2006-01-28 16:37 ` [Keyrings] " Trond Myklebust
2006-01-28 16:57 ` David Härdeman
2006-01-29 3:20 ` Trond Myklebust
2006-01-29 11:33 ` David Härdeman
2006-01-29 12:29 ` Adrian Bunk
2006-01-29 13:09 ` Arjan van de Ven
2006-01-29 20:05 ` Steve French
2006-01-29 20:52 ` Arjan van de Ven
2006-01-29 21:41 ` Steve French
2006-02-06 12:31 ` David Howells
2006-01-29 23:18 ` Adrian Bunk
2006-01-29 13:18 ` David Härdeman
2006-01-29 23:36 ` Adrian Bunk
2006-01-30 18:09 ` Nix
2006-01-29 16:38 ` Trond Myklebust
2006-01-29 18:49 ` Dax Kelson [this message]
2006-01-29 19:10 ` Trond Myklebust
2006-01-29 21:29 ` David Härdeman
2006-01-29 21:46 ` Trond Myklebust
2006-01-29 21:13 ` David Härdeman
2006-01-29 21:28 ` Trond Myklebust
2006-01-29 22:02 ` David Härdeman
2006-01-29 22:05 ` Trond Myklebust
2006-01-29 22:54 ` Kyle Moffett
2006-01-29 23:07 ` Trond Myklebust
2006-01-29 23:15 ` Adrian Bunk
2006-01-29 21:09 ` Pavel Machek
2006-01-26 21:58 ` [PATCH 04/04] Add dsa key type David Härdeman
2006-01-27 1:10 ` [PATCH 00/04] Add DSA " Herbert Xu
2006-01-27 7:18 ` David Härdeman
2006-01-27 20:11 ` David Howells
2006-01-27 23:22 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='406-SnapperMsg827D11E1C002BEC0@[70.7.65.98]' \
--to=dax@gurulabs.com \
--cc=bunk@stusta.de \
--cc=david@2gen.com \
--cc=hch@infradead.org \
--cc=keyrings@linux-nfs.org \
--cc=linux-kernel@vger.kernel.org \
--cc=trond.myklebust@fys.uio.no \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).