On Tue, Aug 12, 2003 at 01:02:06AM +0300, lamikr_mdk wrote:
> Florin Iucha wrote:
> >The root on your box can sniff all incoming/outgoing packets. He has
> >access to the stored data. He can do what he wants, and you won't even
> >know it!
>
> How about adding some unique attributes inside messages sent between
> client and server? Root could not steal them because the data sent in
> and out would be encrypted by ssh.
And how do you know ssh is not trojaned?
> >Root can install a trojaned subversion.
>
> Is there any chance to sign the application running on the server?
How do you know you are talking with the signed app?
> Hmm, you
> are right, I do not have any idea how to do that. Not sure whether using
> a similar kind of idea as in the Xboxes, which require running
> applications to be signed with a certain key, would save us from the hostile
> root. (So that we could somehow check that the plugin application we are
> running on the server is an OK version.)
>
> >Root can scrub a key from the memory, or from the swap.
> >
> >Root can load a trojaned block device.
> >
> >Root can run your application under a debugger.
> >
> >If there is some hope, it is in compartmentalization at the OS level. I
> >am not sure how you can enforce that remotely...
>
> I must confess that I do not either. Especially swap and memory are hard
> to protect. But this is an interesting and fun topic... I need some time to
> think, just for fun.
Read Bruce Schneier's books, "Secrets and Lies" and "Applied Cryptography".
Cheers,
florin
--
Don't question authority: they don't know it either!
Received on Tue Aug 12 00:20:00 2003