Open Source and information security mailing list archives
Date:	Thu, 24 Aug 2006 15:11:27 +0200
From:	Pavel Machek <pavel@....cz>
To:	"Serge E. Hallyn" <sergeh@...ibm.com>
Cc:	Mimi Zohar <zohar@...ibm.com>, David Safford <safford@...ibm.com>,
	kjhall@...ibm.com, linux-kernel <linux-kernel@...r.kernel.org>,
	LSM ML <linux-security-module@...r.kernel.org>,
	linux-security-module-owner@...r.kernel.org
Subject: Re: [RFC][PATCH 8/8] SLIM: documentation

Hi!

> > > I hope this answered some of your questions.  We're working on
> > > more comprehensive documentation, which we'll post with the next
> > > release.
> > 
> > Do you have examples where this security model stops an attack?
> > 
> > Both my mail client and my mozilla will be UNTRUSTED (because of
> > network connections, right?) -- so mozilla exploit will still be able
> > > to see my mail? Not good. And ssh connects to the net, too, so it will
> > not even protect my ~/.ssh/private_key ?
> 
> I believe it will read your private_key while at a higher level, then
> > will be demoted when it accesses the net.
> 
> Is that right?

Hmm.. you are the security expert here :-). But it still needs the private
key while accessing the net.. so even if it does read from
~/.ssh/private_key first, what stops mozilla from waiting for
ssh to start talking on the network, and then reading the key from ssh's
memory?

Do you have examples where this security model stops an attack?
								Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html