Re: [PATCH 0/12: eCryptfs] eCryptfs version 0.1

From: Michael Thompson
Date: Mon Nov 21 2005 - 17:11:14 EST

Next message: Benjamin Herrenschmidt: "Re: [PATCH 4/5] Centralise NO_IRQ definition"
Previous message: James Cloos: "Re: [PATCH] Re: make kernelrelease ignoring LOCALVERSION_AUTO"
In reply to: James Morris: "Re: [PATCH 0/12: eCryptfs] eCryptfs version 0.1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 11/21/05, James Morris <jmorris@xxxxxxxxx> wrote:
> On Mon, 21 Nov 2005, Michael Halcrow wrote:
>
> > I think you brought up two categories of potential security
> > vulnerabilities.
>
> > The first has to do with the theoretical security of
> > the algorithms -- do the encrypted files really have the attribute
> > such that decrypting the files without the proper key is
> > computationally infeasible? This is the job for the cryptographers to
> > confront.
> >
> > The other category has to do with ``exploits''; I assume you are
> > talking about -- for instance -- malicious files that are able to
> > circumvent the intended behavior of the code. Such vulnerabilities may
> > coerce the filesystem to dump the secret key out to an insecure
> > location. This is an extension of the general ``correctness'' problem
> > that can be an issue with any code. I would say that this is the job
> > of the engineers to help prevent. It basically involves verification
> > that eCryptfs is handling all of its memory correctly (i.e., via data
> > and control flow analysis).
>
> There's a third important category: the design of the _system_.
>
> (Which you end up discussing somewhat further in the email).
>
> It would be great to have a document which describes the design of the
> system and includes a comprehensive security analysis.

Kernel programmers making documentation? You must be joking! (Side
joke... someone somewhere, which I have now forgetten, made a similar
comment).

For documentation, nothing formal exists, and while we were planning
on having some, it sounds like it might be a good thing to start
sooner than later.

I (or someone else) will get back to you when we figure out how we
want to approach this.

>
>
> - James
> --
> James Morris
> <jmorris@xxxxxxxxx>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>

--
Michael C. Thompson <mcthomps@xxxxxxxxxx>
Software-Engineer, IBM LTC Security
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Benjamin Herrenschmidt: "Re: [PATCH 4/5] Centralise NO_IRQ definition"
Previous message: James Cloos: "Re: [PATCH] Re: make kernelrelease ignoring LOCALVERSION_AUTO"
In reply to: James Morris: "Re: [PATCH 0/12: eCryptfs] eCryptfs version 0.1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]