lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080818124339.4b65b6c0@riellaptop.surriel.com>
Date:	Mon, 18 Aug 2008 12:43:39 -0400
From:	Rik van Riel <riel@...hat.com>
To:	Alan Cox <alan@...rguk.ukuu.org.uk>
Cc:	Eric Paris <eparis@...hat.com>,
	Arjan van de Ven <arjan@...radead.org>,
	Jan Harkes <jaharkes@...cmu.edu>,
	"Press, Jonathan" <Jonathan.Press@...com>, peterz@...radead.org,
	linux-kernel@...r.kernel.org, malware-list@...ts.printk.net,
	hch@...radead.org, andi@...stfloor.org, viro@...IV.linux.org.uk
Subject: Re: [malware-list] TALPA - a threat model?  well sorta.

On Mon, 18 Aug 2008 16:33:13 +0100
Alan Cox <alan@...rguk.ukuu.org.uk> wrote:

> > I could probably buy that, but I don't know how an HSM would work.
> > Would we have everything we need at open for them to fire off?
> > 
> > /me is HSM clueless and trying to include their needs is proving a
> > challenge.
> 
> So don't bother. Its a theoretical use for the most part so we can
> mangle the interface later. 

Think of a consumer HSM application: backup to rsync.net
or Amazon S3.

Instead of waiting for the whole backup to be restored,
you can start using the filesystem immediately.  The 
block-on-open hook can be used by the restore program
to fetch files from the remote backup site on an
as-needed basis, with a full restore going on in the
background.

If the block-on-open hook can be used for that (even
with additional magic, like creating empty HSM inodes
with a special attr to notify "the data lives elsewhere"),
HSM should be good.

The "data lives elsewhere" bit/xattr/whatever could also
be used on directories, so not even the whole directory
tree would have to be restored right on restore :)

-- 
All rights reversed.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ