
Re: Protection from ROOT

From: Florin Iucha <florin_at_iucha.net>
Date: 2003-08-12 00:19:10 CEST

On Tue, Aug 12, 2003 at 01:02:06AM +0300, lamikr_mdk wrote:
> Florin Iucha wrote:
> >The root on your box can sniff all incoming/outgoing packets. He has
> >access to the stored data. He can do what he wants, and you won't even
> >know it!
>
> How about adding some unique attributes inside messages sent between
> client and server? Root could not steal them because the data sent in
> and out would be encrypted by the ssh.

And how do you know ssh is not trojaned?

> >Root can install a trojaned subversion.
>
> Is there any chance to sign the application running in the server?

How do you know you are talking with the signed app?

> Hmm, you
> are right, I do not have any idea how to do that. Not sure whether using
> a similar kind of idea as in the Xboxes, which requires applications
> running to be signed with a certain key, would save us from the hostile
> root. (So that we could somehow check that the plugin application we are
> running in the server is an OK version.)
>
> >Root can scrub a key from the memory, or from the swap.
> >
> >Root can load a trojaned block device.
> >
> >Root can run your application under a debugger.
> >
> >If there is some hope, it is in compartmentalization at the OS level. I
> >am not sure how you can enforce that remotely...
>
> I must confess that I do not either. Especially swap and memory are hard
> to protect. But this is an interesting and fun topic... I need some time to
> think just for fun.

Read Bruce Schneier's books, "Secrets and Lies" and "Applied Cryptography".

Cheers,
florin

-- 
Don't question authority: they don't know it either!

Received on Tue Aug 12 00:20:00 2003

This is an archived mail posted to the Subversion Users mailing list.