Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library

From: David Härdeman
Date: Sun Jan 29 2006 - 16:12:08 EST


On Sun, Jan 29, 2006 at 11:38:22AM -0500, Trond Myklebust wrote:
On Sun, 2006-01-29 at 12:33 +0100, David Härdeman wrote:
Why would you want to use proxy certificates for you own use? Use your
own certificate for your own processes, and issue one or more proxy
certificates to any daemon that you want to authorise to do some limited
task.

I meant that you can't use proxy certs for your own use, so you still need to store your own cert/key somehow...and I still believe that the kernel keyring is the best place...

Agreed. Now, reread what I said above, and tell me why this is an
argument for doing dsa in the kernel?

If you agree that the kernel keyring is the best place, it shouldn't be a big step to also agree that in-kernel signing is "good" since it allows you to use the key while it makes it possible for the kernel to refuse to divulge the private part...even to the user who added the key (i.e. yourself)...

...and what does this statement about "keys being safer in the kernel"
mean?

swap-out to disk, ptrace, coredump all become non-issues. And in combination with some other security features (such as disallowing modules, read/write of /dev/mem + /dev/kmem, limited permissions via
SELinux, etc), it becomes pretty hard for the attacker to get your private key even if he/she manages to get access to the root account.

Turning off coredump is trivial. All the features that LSM provide apply
to userland too (including security_ptrace()), so the SELinux policies
are not an argument for putting stuff in the kernel.

Only the swap-out to disk is an issue, and that is less of a worry if
you use a time-limited proxy in the daemon.

How do you use a "time-limited proxy in the daemon" for your own keys/cerificates (e.g. ssh keys)?

Re,
David

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/