From: Michael Thompson <michael.craig.thompson@gmail.com>
To: James Morris <jmorris@namei.org>
Cc: Michael Halcrow <lkml@halcrow.us>, Andrew Morton <akpm@osdl.org>,
Phillip Hellewell <phillip@hellewell.homeip.net>,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
viro@ftp.linux.org.uk, mhalcrow@us.ibm.com, mcthomps@us.ibm.com,
yoder1@us.ibm.com
Subject: Re: [PATCH 0/12: eCryptfs] eCryptfs version 0.1
Date: Mon, 21 Nov 2005 16:11:29 -0600
Message-ID: <afcef88a0511211411v2c28e128u83fa52ab4ebf7382@mail.gmail.com>
In-Reply-To: <Pine.LNX.4.63.0511211631140.479@excalibur.intercode>

On 11/21/05, James Morris <jmorris@namei.org> wrote:
> On Mon, 21 Nov 2005, Michael Halcrow wrote:
>
> > I think you brought up two categories of potential security
> > vulnerabilities.
>
> > The first has to do with the theoretical security of
> > the algorithms -- do the encrypted files really have the attribute
> > such that decrypting the files without the proper key is
> > computationally infeasible? This is the job for the cryptographers to
> > confront.
> >
> > The other category has to do with ``exploits''; I assume you are
> > talking about -- for instance -- malicious files that are able to
> > circumvent the intended behavior of the code. Such vulnerabilities may
> > coerce the filesystem to dump the secret key out to an insecure
> > location. This is an extension of the general ``correctness'' problem
> > that can be an issue with any code. I would say that this is the job
> > of the engineers to help prevent. It basically involves verification
> > that eCryptfs is handling all of its memory correctly (i.e., via data
> > and control flow analysis).
>
> There's a third important category: the design of the _system_.
>
> (Which you end up discussing somewhat further in the email).
>
> It would be great to have a document which describes the design of the
> system and includes a comprehensive security analysis.

Kernel programmers making documentation? You must be joking! (Side
joke... someone somewhere, which I have now forgotten, made a similar
comment).

For documentation, nothing formal exists, and while we were planning
on having some, it sounds like it might be a good thing to start
sooner than later.

I (or someone else) will get back to you when we figure out how we
want to approach this.

>
>
> - James
> --
> James Morris
> <jmorris@namei.org>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
--
Michael C. Thompson <mcthomps@us.ibm.com>
Software-Engineer, IBM LTC Security