| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1189142049.6681.29.camel@heimdal.trondhjem.org> Date: Fri, 07 Sep 2007 07:14:09 +0200 From: Trond Myklebust <trond.myklebust@....uio.no> To: Kyle Moffett <mrmacman_g4@....com> Cc: "J. Bruce Fields" <bfields@...ldses.org>, Satyam Sharma <satyam@...radead.org>, Jan Engelhardt <jengelh@...putergmbh.de>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org> Subject: Re: NFS4 authentification / fsuid On Thu, 2007-09-06 at 20:56 -0400, Kyle Moffett wrote: > On Sep 06, 2007, at 19:35:14, Trond Myklebust wrote: > > On Thu, 2007-09-06 at 19:30 -0400, Kyle Moffett wrote: > >> Actually, that's a fairly simple problem (barring disassembling > >> the system and attaching a hardware debugger). You encrypt the > >> root filesystem and require a password to boot (See: LUKS). > >> Debian has built-in support for installing onto fs-on-LVM-on-crypt- > >> on-RAID, and it works quite well on all the laptops I use > >> regularly. It's not even much of a speed penalty; once you take > >> the overhead of hitting a 5400RPM laptop drive you can chew > >> thousands of cycles of CPU without anybody noticing (much). Then > >> all you have to do is burn a copy of your /boot with bootloader > >> onto some read-only media (like a finalized CDROM/DVDROM) and > >> you're set to go. > > > > Disconnect battery, and watch boot password go 'poof!'. > > Umm, I did say "encrypt the root filesystem", didn't I? Booting my > laptops this way follows this procedure: > 1) Enter BIOS boot menu > 2) Insert /boot CDROM > 3) Select the "CDROM" entry > 4) Wait for kernel to start and run through initramfs > 5) Type password into the initramfs prompt so that it can DECRYPT > THE ROOT FILESYSTEM > 6) Continue to boot the system. > > Under this setup, tinkering with my BIOS does virtually nothing; the > only avenues of attack are strictly of the "Install a hardware > keylogger" variety. Without my "boot" password you are looking at a > block device which appears to be little more than a random bit- > bucket, using AES-256 encryption. If you can break that by > disconnecting the BIOS battery a lot of governments would be very > interested in the exact procedure. :-D Furthermore if I think that > the hardware has been compromised I can pull out the HDD and my CDROM > and take them to a trusted computer to gain access to my data. > > That said, a useful BIOS password helps keep somebody from casually > setting a supervisor password or mucking with the critical-to-boot > settings and making _me_ unplug the battery. > > Cheers, > Kyle Moffett So an attacker will instead install a hardware keylogger, or swap out your boot cdrom with a compromised but almost identical boot cdrom instead, or mod your bios, ... A fully self-certifying system that can prevent any attack is _very_ hard to achieve. Just ask apple (iPhone) or any games console vendor... Trond - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists