From: Arjan van de Ven <arjan@infradead.org>
To: "Muntz, Daniel" <Dan.Muntz@netapp.com>
Cc: "Trond Myklebust" <trond.myklebust@fys.uio.no>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Stephen Rothwell" <sfr@canb.auug.org.au>,
"Bernd Schubert" <bernd.schubert@fastmail.fm>,
<nfsv4@linux-nfs.org>, <linux-kernel@vger.kernel.org>,
<steved@redhat.com>, <dhowells@redhat.com>,
<linux-next@vger.kernel.org>, <linux-fsdevel@vger.kernel.org>,
<rwheeler@redhat.com>
Subject: Re: Pull request for FS-Cache, including NFS patches
Date: Thu, 1 Jan 2009 09:09:00 +0100 [thread overview]
Message-ID: <20090101090900.551ada4a@infradead.org> (raw)
In-Reply-To: <7A24DF798E223B4C9864E8F92E8C93EC01BD14BB@SACMVEXC1-PRD.hq.netapp.com>
On Wed, 31 Dec 2008 20:11:13 -0800
"Muntz, Daniel" <Dan.Muntz@netapp.com> wrote:
please don't top post.
> Sure, trusted kernel and trusted executables, but it's easier than it
> sounds. If you start with a "clean" system, you don't need to verify
> excutables _if_ they're coming from the secured file server (by
> induction: if you started out secure, the executables on the file
> server will remain secure). You simply can't trust the local disk
> from one user to the next. Following the protocol, a student can log
> into a machine, su to do their OS homework, but not compromise the
> security of the distributed file system.
>
> If I can su while another user is logged in, or the kernel/cmds are
> not validated between users, cryptfs isn't safe either.
>
> If you're following the protocol, it doesn't even matter if a bad guy
> ("untrusted user"?) gets root on the client--they still can't gain
> inappropriate access to the file server. OTOH, if my security plan is
> simply to not allow root access to untrusted users, history says I'm
> going to lose.
if you have a user, history says you're going to lose.
you can make your system as secure as you want, with physical access
all bets are off.
keyboard sniffer.. easy.
special dimms that mirror data... not even all THAT hard, just takes a
bit of cash.
running the user in a VM without him noticing.. not too hard either.
etc.
--
Arjan van de Ven Intel Open Source Technology Centre
For development, discussion and tips for power savings,
visit http://www.lesswatts.org
next prev parent reply other threads:[~2009-01-01 8:07 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-12-18 0:30 Pull request for FS-Cache, including NFS patches David Howells
2008-12-18 11:44 ` Stephen Rothwell
2008-12-18 14:24 ` Christoph Hellwig
2008-12-18 20:36 ` Andrew Morton
2008-12-18 23:07 ` Bernd Schubert
2008-12-18 23:26 ` Andrew Morton
2008-12-19 0:05 ` Stephen Rothwell
2008-12-29 3:45 ` Stephen Rothwell
2008-12-29 4:01 ` Andrew Morton
2008-12-29 14:30 ` Trond Myklebust
2008-12-29 14:54 ` Ric Wheeler
2008-12-29 23:05 ` Muntz, Daniel
2008-12-30 18:44 ` Trond Myklebust
2008-12-30 22:15 ` Muntz, Daniel
2008-12-30 22:36 ` Trond Myklebust
2008-12-30 23:00 ` Muntz, Daniel
2008-12-30 23:17 ` Trond Myklebust
2009-01-01 4:11 ` Muntz, Daniel
2009-01-01 8:09 ` Arjan van de Ven [this message]
2009-01-01 18:40 ` Kyle Moffett
2008-12-31 11:15 ` David Howells
2008-12-31 9:49 ` Arjan van de Ven
2008-12-29 4:07 ` Andrew Morton
2008-12-29 5:26 ` Stephen Rothwell
2008-12-29 15:01 ` David Howells
2008-12-29 15:04 ` David Howells
2008-12-29 14:26 ` David Howells
2008-12-19 2:27 ` David Howells
2008-12-19 2:44 ` Andrew Morton
2008-12-19 3:10 ` Ric Wheeler
2008-12-19 12:33 ` Trond Myklebust
2008-12-19 16:48 ` Gabor Gombas
2008-12-19 13:32 ` David Howells
2008-12-19 3:45 ` Muntz, Daniel
2008-12-19 4:09 ` J. Bruce Fields
2008-12-19 13:20 ` David Howells
2008-12-19 18:08 ` Muntz, Daniel
2008-12-19 18:24 ` David Howells
2008-12-19 19:53 ` Bryan Henderson
2008-12-20 1:20 ` David Howells
2008-12-20 6:05 ` Muntz, Daniel
2008-12-19 13:22 ` David Howells
2008-12-19 13:03 ` David Howells
-- strict thread matches above, loose matches on Subject: below --
2008-12-20 6:06 Muntz, Daniel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090101090900.551ada4a@infradead.org \
--to=arjan@infradead.org \
--cc=Dan.Muntz@netapp.com \
--cc=akpm@linux-foundation.org \
--cc=bernd.schubert@fastmail.fm \
--cc=dhowells@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-next@vger.kernel.org \
--cc=nfsv4@linux-nfs.org \
--cc=rwheeler@redhat.com \
--cc=sfr@canb.auug.org.au \
--cc=steved@redhat.com \
--cc=trond.myklebust@fys.uio.no \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).