Date:	Wed, 3 Dec 2008 12:35:43 +0800
From:	"Peter Teoh" <htmldeveloper@...il.com>
To:	"Geoffrey McRae" <geoff@...idhost.com>
Cc:	Valdis.Kletnieks@...edu, "Alan Cox" <alan@...rguk.ukuu.org.uk>,
	linux-kernel@...r.kernel.org
Subject: Re: New Security Features, Please Comment

On Wed, Dec 3, 2008 at 12:02 PM, Geoffrey McRae <geoff@...idhost.com> wrote:
>
> My initial concept is to implement an HTTP server that is designed from
> the ground up to use this new functionality. Each server that has been
> pre-forked will just sit there until the parent sets its uid/gid and
> hands it the request to handle.
>

I think the above is the core issue - you have something privileged to
be executed.   So why not execute it in a small, code-verifiable
implementation, just like the Privilege Separation idea of SSH?

http://www.citi.umich.edu/u/provos/papers/privsep.pdf

Everything is done in userspace. Since the privileged component is
small, it is easy to verify for correctness. The rest executes with
lesser privilege.

Recently, the hypervisor has been used to implement this verifiable
source code concept; see:

http://www.ghs.com/news/20081117_integrity_EAL6plus_security.html

where Green Hills achieved EAL6 certification - as it built its entire
kernel on top of the hypervisor (called Separation Kernel,
conceptually similar to that of Privilege Separation in SSH).

Just my 2cts :-).

-- 
Regards,
Peter Teoh

Ernest Hemingway - "Never mistake motion for action."
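
The privilege-separation layout discussed in the message above, as an added example that is not part of the original post and is not OpenSSH's code: a monitor process keeps privilege and answers only an allowlist of requests, while the forked worker drops to an unprivileged uid/gid before it handles anything. The request names and the `privsep_request` interface are assumptions made for illustration; Linux `AF_UNIX` `SOCK_SEQPACKET` sockets are assumed.

```c
#define _DEFAULT_SOURCE 1   /* glibc: expose setgroups() */
#include <grp.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Monitor side: the only logic that runs with privilege, kept small enough to audit.
 * The request names are hypothetical. */
static int monitor_allows(const char *req) {
    static const char *const allowed[] = { "BIND_PORT_80", "READ_TLS_KEY" };
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (strcmp(req, allowed[i]) == 0) return 1;
    return 0;
}

/* Worker side: give up root for good, then ask the monitor for anything privileged.
 * Exit status carries the result: 0 = granted, 1 = refused, 2 = error. */
static void worker(int fd, const char *req, uid_t uid, gid_t gid) {
    if (geteuid() == 0 && uid != 0) {   /* drop only if root and given a non-root target */
        if (setgroups(0, NULL) || setgid(gid) || setuid(uid)) _exit(2);
        if (setuid(0) == 0) _exit(2);   /* regaining root must be impossible */
    }
    char verdict = 0;
    if (write(fd, req, strlen(req) + 1) < 0 || read(fd, &verdict, 1) != 1) _exit(2);
    _exit(verdict == 'Y' ? 0 : 1);
}

/* Fork one worker, serve its single request. Returns 1 granted, 0 refused, -1 error. */
int privsep_request(const char *req, uid_t uid, gid_t gid) {
    int sv[2], status;
    char buf[64];
    if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) { close(sv[0]); worker(sv[1], req, uid, gid); }
    close(sv[1]);
    ssize_t n = read(sv[0], buf, sizeof buf);
    /* Treat worker input as hostile: it must be one NUL-terminated message that fits. */
    char verdict = (n > 0 && buf[n - 1] == '\0' && monitor_allows(buf)) ? 'Y' : 'N';
    ssize_t sent = write(sv[0], &verdict, 1);
    close(sv[0]);
    if (sent != 1 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 0 ? 1 : WEXITSTATUS(status) == 1 ? 0 : -1;
}
```

The order `setgroups`, `setgid`, `setuid` matters: once the uid is dropped the process no longer has the privilege to change its groups.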