lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 3 Apr 2007 16:03:07 +0000
From:	Pavel Machek <pavel@....cz>
To:	Tasos Parisinos <t.parisinos@...ensis.com>
Cc:	Andi Kleen <andi@...stfloor.org>, herbert@...dor.apana.org.au,
	linux-kernel@...r.kernel.org, randy.dunlap@...cle.com, indan@....nu
Subject: Re: [PATCH resend][CRYPTO]: RSA algorithm patch

Hi!

> >>The best environment to deploy such functionality is 
> >>in updating by remote,
> >>executable code (programs, libs and modules) on 
> >>embedded devices running
> >>Linux, that have some form of kernel physical 
> >>security, so one can't 
> >
> >How would that physical security look like? Would it 
> >include DMA
> >protection?
> >
> >For example to do any useful form of graphics you need
> >user controllable DMA, which can normally touch 
> >everything.
> >There are various other similar "backdoors" for root.
> >
> >I'm somewhat sceptical because all kernels will need 
> >access
> >to the direct mapping to operate and there are also 
> >various
> >interfaces that can be as root (ab)used to change it.
> >
> >And when you can do that they can change function 
> >pointers
> >and jump to arbitary code or change the kernel page 
> >tables
> >and map arbitary code.
> >
> >Disallowing all this would probably end up with a quite
> >useless kernel. 
> >
> >  
> >>There are already some systems that implement and 
> >>utilize such functionality that
> >>use windows platforms, and other Linux distros that 
> >>use userland 
> >
> >Yes, at least the Vista variant was just broken. And 
> >its designers spent
> >a lot of effort on it, but it didn't help.
> >  
> Please read the thread i gave you for some details for 
> things you ask
> 
> Have in thought that we mostly talk here about embedded 
> devices
> that run Linux in a very restricted environment where 
> only specific
> applications are allowed to exist and run, there are no 
> user logons
> and these applications need to be updated by remote once 
> in a while
> over public networks. These applications need not be 
> tampered with

What kind of applications are we talking about here? I'd like to hack
hardware I own.

							Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ