Re: NFS4 authentification / fsuid

From: Trond Myklebust
Date: Fri Sep 07 2007 - 01:14:32 EST

Next message: Mark Nipper: "BUG: unable to handle kernel NULL pointer dereference<1>"
Previous message: Randy Dunlap: "Re: [patch 1/6] Linux Kernel Markers - Architecture Independent Code"
In reply to: Kyle Moffett: "Re: NFS4 authentification / fsuid"
Next in thread: Kyle Moffett: "Re: NFS4 authentification / fsuid"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2007-09-06 at 20:56 -0400, Kyle Moffett wrote:
> On Sep 06, 2007, at 19:35:14, Trond Myklebust wrote:
> > On Thu, 2007-09-06 at 19:30 -0400, Kyle Moffett wrote:
> >> Actually, that's a fairly simple problem (barring disassembling
> >> the system and attaching a hardware debugger). You encrypt the
> >> root filesystem and require a password to boot (See: LUKS).
> >> Debian has built-in support for installing onto fs-on-LVM-on-crypt-
> >> on-RAID, and it works quite well on all the laptops I use
> >> regularly. It's not even much of a speed penalty; once you take
> >> the overhead of hitting a 5400RPM laptop drive you can chew
> >> thousands of cycles of CPU without anybody noticing (much). Then
> >> all you have to do is burn a copy of your /boot with bootloader
> >> onto some read-only media (like a finalized CDROM/DVDROM) and
> >> you're set to go.
> >
> > Disconnect battery, and watch boot password go 'poof!'.
>
> Umm, I did say "encrypt the root filesystem", didn't I? Booting my
> laptops this way follows this procedure:
> 1) Enter BIOS boot menu
> 2) Insert /boot CDROM
> 3) Select the "CDROM" entry
> 4) Wait for kernel to start and run through initramfs
> 5) Type password into the initramfs prompt so that it can DECRYPT
> THE ROOT FILESYSTEM
> 6) Continue to boot the system.
>
> Under this setup, tinkering with my BIOS does virtually nothing; the
> only avenues of attack are strictly of the "Install a hardware
> keylogger" variety. Without my "boot" password you are looking at a
> block device which appears to be little more than a random bit-
> bucket, using AES-256 encryption. If you can break that by
> disconnecting the BIOS battery a lot of governments would be very
> interested in the exact procedure. :-D Furthermore if I think that
> the hardware has been compromised I can pull out the HDD and my CDROM
> and take them to a trusted computer to gain access to my data.
>
> That said, a useful BIOS password helps keep somebody from casually
> setting a supervisor password or mucking with the critical-to-boot
> settings and making _me_ unplug the battery.
>
> Cheers,
> Kyle Moffett

So an attacker will instead install a hardware keylogger, or swap out
your boot cdrom with a compromised but almost identical boot cdrom
instead, or mod your bios, ...

A fully self-certifying system that can prevent any attack is _very_
hard to achieve. Just ask apple (iPhone) or any games console vendor...

Trond

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Mark Nipper: "BUG: unable to handle kernel NULL pointer dereference<1>"
Previous message: Randy Dunlap: "Re: [patch 1/6] Linux Kernel Markers - Architecture Independent Code"
In reply to: Kyle Moffett: "Re: NFS4 authentification / fsuid"
Next in thread: Kyle Moffett: "Re: NFS4 authentification / fsuid"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]