From: James Morris <jmorris@namei.org>
To: Michael Halcrow <lkml@halcrow.us>
Cc: Andrew Morton <akpm@osdl.org>,
Phillip Hellewell <phillip@hellewell.homeip.net>,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
viro@ftp.linux.org.uk, mhalcrow@us.ibm.com, mcthomps@us.ibm.com,
yoder1@us.ibm.com
Subject: Re: [PATCH 0/12: eCryptfs] eCryptfs version 0.1
Date: Mon, 21 Nov 2005 16:41:50 -0500 (EST)
Message-ID: <Pine.LNX.4.63.0511211631140.479@excalibur.intercode>
In-Reply-To: <20051121202825.GA17946@halcrow.us>

On Mon, 21 Nov 2005, Michael Halcrow wrote:
> I think you brought up two categories of potential security
> vulnerabilities.
> The first has to do with the theoretical security of
> the algorithms -- do the encrypted files really have the attribute
> such that decrypting the files without the proper key is
> computationally infeasible? This is the job for the cryptographers to
> confront.
>
> The other category has to do with ``exploits''; I assume you are
> talking about -- for instance -- malicious files that are able to
> circumvent the intended behavior of the code. Such vulnerabilities may
> coerce the filesystem to dump the secret key out to an insecure
> location. This is an extension of the general ``correctness'' problem
> that can be an issue with any code. I would say that this is the job
> of the engineers to help prevent. It basically involves verification
> that eCryptfs is handling all of its memory correctly (i.e., via data
> and control flow analysis).

There's a third important category: the design of the _system_.

(Which you end up discussing somewhat further in the email).

It would be great to have a document which describes the design of the
system and includes a comprehensive security analysis.

- James

--
James Morris
<jmorris@namei.org>