lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 27 Feb 2013 14:34:05 -0500
From:	Theodore Ts'o <tytso@....edu>
To:	Chris Friesen <chris.friesen@...band.com>
Cc:	Peter Jones <pjones@...hat.com>, Dave Airlie <airlied@...il.com>,
	Greg KH <gregkh@...uxfoundation.org>,
	Matthew Garrett <mjg59@...f.ucam.org>,
	David Howells <dhowells@...hat.com>,
	Florian Weimer <fw@...eb.enyo.de>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Josh Boyer <jwboyer@...hat.com>,
	Vivek Goyal <vgoyal@...hat.com>,
	Kees Cook <keescook@...omium.org>, keyrings@...ux-nfs.org,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [GIT PULL] Load keys from signed PE binaries

On Wed, Feb 27, 2013 at 01:21:03PM -0600, Chris Friesen wrote:
> 
> I think it'd need to be "doesn't notice operationally when running
> the virtualized Windows install".
> 
> Anyone going through all the trouble to virtualize an existing
> install could probably arrange to have the target computer do the
> conversion at a time when nobody is likely to be around.

It shouldn't be all that hard to avoid doing a full-fledged
conversion.  I've in the pat managed to configure KVM so that a
particular installation of Windows could be run either natively or
under KVM.  The hard part would be to make Windows not notice the
change in device drivers necessary, so trying to make this work with
paravirtualization would be tricky.  But if you aren't shooting for a
full performance, it shouldn't be that hard.

That being said, if someone were being employed by the NSA to attack
Iran, or by the MSS to attack the US Federal Government, or simply by
a russian firm wanting to make $$$ selling Viagra, they'd probably try
to shoot for figuring out some way to surrepticiously install the
paravirtualization drivers into an existing Windows install.  But this
is not a fundamental theoretical difficulty; just a practical one.)

       	 	     		 	     	    - Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ