lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20160922155939.vunlgdw4grnmutcp@thunk.org>
Date:   Thu, 22 Sep 2016 11:59:39 -0400
From:   Theodore Ts'o <tytso@....edu>
To:     Richard Weinberger <richard@....at>
Cc:     Jaegeuk Kim <jaegeuk@...nel.org>, linux-ext4@...r.kernel.org,
        linux-f2fs-devel@...ts.sourceforge.net,
        linux-fsdevel <linux-fsdevel@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        David Gstir <david@...ma-star.at>
Subject: Re: ext4, f2fs: fscrypt_has_permitted_context() check in file open

On Thu, Sep 22, 2016 at 04:21:30PM +0200, Richard Weinberger wrote:
> 
> Got it. So, the use case is preventing off-line attacks.
> But I fear this is only a drop in the bucket. What we really need is
> meta data authentication.

True security requires a system-wide design, sure.  For example, you
might want a locked bootloader that will only boot signed kernels.
The kernel might then require to use a read-only root file system with
dm-verity to make sure the system software can't be trojan'ed.  And
then you want the system software to enforce that the top-level
directories which contain encrypted information are protected using
the correct keys, perhaps using some trusted hardware store where the
user's keys are stored (and only released when the proper password /
pin is given).

Given all of those induction steps, *then* the file system level
checks that require that all subdirectories and files in an encrypted
directories must be encrypted using the same key as their parent will
provide the security you need.

Cheers,

							- Ted
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ