
Re: Protection from ROOT

From: lamikr_mdk <lamikr_mdk_at_aragorn.kortex.jyu.fi>
Date: 2003-08-12 00:02:06 CEST

Florin Iucha wrote:
> STFW: man-in-the-middle
>
> The root on your box can sniff all incoming/outgoing packets. He has
> access to the stored data. He can do what he wants, and you won't even
> know it!

How about adding some unique attributes inside messages sent between
client and server? Root could not steal them because the data sent in
and out would be encrypted by ssh.

> Root can install a trojaned subversion.

Is there any chance to sign the application running on the server? Hmm, you
are right, I do not have any idea how to do that. I am not sure whether using
a similar kind of idea as in the Xboxes, which require running
applications to be signed with a certain key, would save us from the hostile
root. (So that we could somehow check that the plugin application we are
running on the server is an OK version.)

> Root can scrub a key from the memory, or from the swap.
>
> Root can load a trojaned block device.
>
> Root can run your application under a debugger.
>
> If there is some hope, it is in compartmentalization at the OS level. I
> am not sure how you can enforce that remotely...

I must confess that I do not either. Especially swap and memory are hard
to protect. But this is an interesting and fun topic... I need some time to
think, just for fun.

Mika

Received on Tue Aug 12 00:02:59 2003

This is an archived mail posted to the Subversion Users mailing list.