From: Hans Reiser <reiser@namesys.com>
To: Valdis.Kletnieks@vt.edu
Cc: reiserfs-list@namesys.com, reiserfs-dev@namesys.com
Subject: Re: Proposal for keying encrypted filesystem
Date: Thu, 03 Apr 2003 23:43:42 +0400
Message-ID: <3E8C8EEE.3060604@namesys.com>
In-Reply-To: <200304031614.h33GE7S7004132@turing-police.cc.vt.edu>

Valdis.Kletnieks@vt.edu wrote:

>On Tue, 01 Apr 2003 20:06:32 +0400, Hans Reiser said:
>
>>Are you sure we should not get keys from the environment? Is there too 
>>much performance cost?
>
>It's not just a performance cost issue.  It's also a security issue.
>
>There's too many ways to leak the contents of /proc/<nnnn>/environ.  Yes,
>it's mode 600.  (Think all the LD_* environment variable bugs.. ;)
>  
>
You mean because processes might not be secure in what they do with 
their info about their environment variables?

Like shells....

Hmm.....

>
>Also, there's the problem that keys are per-file (possibly) while environments
>are per-process.  As a result, a process that uses files in multiple security
>domains can chew up a *LOT* of environment space.
>
>A better bet would be to use the LSM security framework to create a module
>that carries the tokens around for the process - this could even allow you
>to do things like add a new key token to a process group leader and have
>it propagate to already-running children (which is a phenomenally useful
>thing to do that you can't do with an environment variable).  So for
>instance, you could add a new key to your X login process, and all the
>myriad subshells would get it (and thus any processes THEY launch) without
>the need to log out from X and log back in again...
>
Ok, let's do it.  Edward, find some documentation about this and send us 
info....

>
>>It would be best if people could use applications that are unaware of 
>>the crypto mechanism when accessing files.
>
>Correct.  If the app can't use the normal open() call it's a non-starter.


-- 
Hans
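
The two properties of environment-carried keys raised in this message, as an added example that is not part of the original email or of any reiserfs code: a key in the environment sits in the NUL-separated `NAME=value` block exposed as /proc/<pid>/environ, and a child only gets the environment that existed when it was forked. The `DEMO_FS_KEY*` names, the values and both function names are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Find NAME in a NUL-separated "NAME=value" block, the layout of
 * /proc/<pid>/environ. The block must end with a NUL byte. */
const char *env_block_lookup(const char *blk, size_t len, const char *name) {
    size_t n = strlen(name);
    for (const char *p = blk; p < blk + len; p += strlen(p) + 1)
        if (strncmp(p, name, n) == 0 && p[n] == '=')
            return p + n + 1;
    return NULL;
}

/* Fork a child and report (1/0) whether it can see NAME, or -1 on error.
 * With set_before_fork == 0 the parent sets the key only after the child
 * is already running: the case the thread says env vars cannot handle. */
int child_sees_key(const char *name, const char *value, int set_before_fork) {
    int go[2], back[2];
    char seen = 0, c = 'x';
    if (pipe(go) != 0 || pipe(back) != 0) return -1;
    if (set_before_fork) setenv(name, value, 1);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                     /* child: wait for parent's signal */
        close(go[1]); close(back[0]);
        if (read(go[0], &c, 1) != 1) _exit(2);
        c = getenv(name) != NULL;
        if (write(back[1], &c, 1) != 1) _exit(2);
        _exit(0);
    }
    close(go[0]); close(back[1]);
    if (!set_before_fork) setenv(name, value, 1);  /* too late for the child */
    int ok = write(go[1], &c, 1) == 1 && read(back[0], &seen, 1) == 1;
    close(go[1]); close(back[0]);
    waitpid(pid, NULL, 0);
    return ok ? seen : -1;
}

int main(void) {
    static const char blk[] = "HOME=/root\0DEMO_FS_KEY=s3cret\0"; /* constructed */
    const char *v = env_block_lookup(blk, sizeof blk - 1, "DEMO_FS_KEY");
    printf("key readable from environ-format block: %s\n", v ? "yes" : "no");
    printf("key set before fork, child sees it: %d\n", child_sees_key("DEMO_FS_KEY_A", "k1", 1));
    printf("key set after fork, child sees it:  %d\n", child_sees_key("DEMO_FS_KEY_B", "k2", 0));
    return 0;
}
```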


