STFW: man-in-the-middle
The root on your box can sniff all incoming/outgoing packets. He has
access to the stored data. He can do what he wants, and you won't even
know it!
Root can install a trojaned subversion.
Root can scrub a key from the memory, or from the swap.
Root can load a trojaned block device.
Root can run your application under a debugger.
If there is some hope, it is in compartmentalization at the OS level. I
am not sure how you can enforce that remotely...
Cheers,
florin
On Mon, Aug 11, 2003 at 08:37:43PM +0300, lamikr_mdk wrote:
> I think that is not necessarily true. How about the following sequence?
>
> A) Saving data
> --------------
> 1) You connect to the server with an ssh kind of connection --> Data between
> client and your server is encrypted.
> 2) You transfer some data to the application over the ssh secured crypto
> pipe to the subversion crypto-plugin.
> 3) The subversion crypto-plugin encrypts the data immediately with your
> asymmetric public key to the server's database. (Data can be decrypted
> only with your private key)
>
> B) Retrieving data
> ------------------
> 1) You connect to the server with an ssh kind of connection --> Data between
> client and your server is encrypted.
> 2) You pass your private key to the subversion plugin over the ssh secured
> crypto pipe (i.e. only the subversion plugin can receive information from your
> private key)
> 3) The subversion crypto plugin encrypts the data in the server by using
> your private key and sends it to you over the ssh secured pipe
>
> Mika
>
>
> Jerry Haltom wrote:
> >I suppose basic cryptography comes into play here. If the encrypted data
> >exists on a box, and the box must read from that data, as it would have
> >to in order to access it, then understandably the key itself must exist
> >on the system. Accordingly, somebody who owns the system has access to
> >all of that. End of story!
> >
--
Don't question authority: they don't know it either!
Received on Mon Aug 11 20:42:36 2003