From: Casey Schaufler <casey@schaufler-ca.com>
To: Pavel Machek <pavel@ucw.cz>
Cc: David Safford <safford@watson.ibm.com>,
Andrew Morton <akpm@linux-foundation.org>,
Mimi Zohar <zohar@linux.vnet.ibm.com>,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
James Morris <jmorris@namei.org>, Greg KH <greg@kroah.com>,
Dmitry Kasatkin <dmitry.kasatkin@nokia.com>
Subject: Re: [PATCH v5 00/21] EVM
Date: Thu, 26 May 2011 13:32:28 -0700 [thread overview]
Message-ID: <4DDEB8DC.5070908@schaufler-ca.com> (raw)
In-Reply-To: <20110526200207.GB15959@elf.ucw.cz>
On 5/26/2011 1:02 PM, Pavel Machek wrote:
> On Thu 2011-05-26 12:30:07, Casey Schaufler wrote:
>> On 5/26/2011 11:38 AM, Pavel Machek wrote:
>>> On Thu 2011-05-26 14:11:54, David Safford wrote:
>>>> On Thu, 2011-05-26 at 09:34 -0700, Casey Schaufler wrote:
>>>>> On 5/25/2011 11:08 PM, Pavel Machek wrote:
>>>>>> ...
>>>>>> Fourthly, is it likely to find its way to the next cellphone I buy,
>>>>>> and will it prevent me from rooting it?
>>>>> That will of course depend on the phone vendor. You are certainly
>>>>> going to be able to vote with your checkbook (digital wallet?) but
>>>>> odds are pretty good that should EVM prove effective it will be
>>>>> ubiquitous within the next five years on embedded devices.
>>> Hmm. But maybe it is more effective to vote with NAKs, now? It does
>>> not seem to have any non-evil uses.
>>>
>>> Phone vendors will play nasty tricks on us, but... why make it easy
>>> for them?
>> For one thing, it is probable that in the not-too-distant future
>> the phone will not be yours. Many service providers are moving in
>> the direction of zero-cost phones. The subscriber will pay the
> Really? References?
Yes, and no.
> No, I don't think this is going to happen, for variety of reasons. 1)
> prepaid cards, 2) phones are easily damaged, 3) phones are often stolen.
I have no idea how prepaid cards make a difference, but I'm willing
to be educated.
Phones are commodity electronics. If they get damaged they get replaced.
That's another selling point for the scheme. Clumsy customers will love
it.
"Someone stole my SSRBQ phone!"
"Thank you sir, we'll track down our phone using the GPS software we
put on it. Now we'll use the battery overload software we just downloaded
to it to heat it up and set the magnesium case on fire. What's that sir?
your dog just exploded?"
Seriously, the service provider will download meltdown software to
the stolen phone and treat it as broken. The customer gets a new phone
to use. No worries.
>> Most people will not notice the difference. Consider this a
>> nasty trick if you want to. I expect that the average consumer
> I _do_ consider it nasty trick...
It's only "nasty" if the customer doesn't like it.
It's only a trick if the fact that the customer does not own the phone
is hidden. I fully expect the providers to tout it as a feature.
>> Welcome to computers in the 21st century.
> ...and I do not want to help people playing nasty tricks. Protection
> against offline attacks should not be merged.
>
> Pavel
OK, but what about the owners of loaned phones, set top boxes or aircraft
entertainment systems, who routinely put their hardware in the hands of
people they have no reason to trust? I suppose they can run WinCE. Or
Symbian.
next prev parent reply other threads:[~2011-05-26 20:32 UTC|newest]
Thread overview: 72+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-16 14:44 [PATCH v5 00/21] EVM Mimi Zohar
2011-05-16 14:44 ` [PATCH v5 01/21] integrity: move ima inode integrity data management Mimi Zohar
2011-05-19 2:06 ` Serge E. Hallyn
2011-05-19 22:45 ` Mimi Zohar
2011-05-16 14:44 ` [PATCH v5 02/21] xattr: define vfs_getxattr_alloc and vfs_xattr_cmp Mimi Zohar
2011-05-19 2:11 ` Serge E. Hallyn
2011-05-16 14:44 ` [PATCH v5 03/21] evm: re-release Mimi Zohar
2011-05-19 6:05 ` Serge E. Hallyn
2011-05-19 22:49 ` Mimi Zohar
2011-05-20 11:12 ` Harald Hoyer
2011-05-20 11:21 ` Mimi Zohar
2011-05-19 21:37 ` Serge E. Hallyn
2011-05-20 12:29 ` Mimi Zohar
2011-05-20 13:43 ` Serge E. Hallyn
2011-05-16 14:44 ` [PATCH v5 04/21] evm: add support for different security.evm data types Mimi Zohar
2011-05-16 14:44 ` [PATCH v5 05/21] ima: move ima_file_free before releasing the file Mimi Zohar
2011-05-19 22:06 ` Serge E. Hallyn
2011-05-20 0:55 ` Mimi Zohar
2011-05-20 13:40 ` Serge E. Hallyn
2011-05-20 14:34 ` Mimi Zohar
2011-05-20 15:25 ` Serge E. Hallyn
2011-05-16 14:45 ` [PATCH v5 06/21] security: imbed evm calls in security hooks Mimi Zohar
2011-05-19 22:13 ` Serge E. Hallyn
2011-05-16 14:45 ` [PATCH v5 07/21] evm: evm_inode_post_removexattr Mimi Zohar
2011-05-16 14:45 ` [PATCH v5 08/21] evm: imbed evm_inode_post_setattr Mimi Zohar
2011-05-16 14:45 ` [PATCH v5 09/21] evm: evm_inode_post_init Mimi Zohar
2011-05-16 14:45 ` [PATCH v5 10/21] fs: add evm_inode_post_init calls Mimi Zohar
2011-05-16 14:45 ` [PATCH v5 11/21] evm: crypto hash replaced by shash Mimi Zohar
2011-05-16 14:45 ` [PATCH v5 12/21] evm: add evm_inode_post_init call in btrfs Mimi Zohar
2011-05-16 14:45 ` [PATCH v5 13/21] evm: add evm_inode_post_init call in gfs2 Mimi Zohar
2011-05-16 15:30 ` Steven Whitehouse
2011-05-16 15:50 ` Mimi Zohar
2011-05-16 16:14 ` Steven Whitehouse
2011-05-16 16:35 ` Mimi Zohar
2011-05-16 17:50 ` Mimi Zohar
2011-05-16 17:57 ` Steven Whitehouse
2011-05-16 18:20 ` Mimi Zohar
2011-05-16 18:23 ` Casey Schaufler
2011-05-16 18:48 ` Mimi Zohar
2011-05-16 19:25 ` Casey Schaufler
2011-05-19 0:55 ` Mimi Zohar
2011-05-19 9:25 ` Steven Whitehouse
2011-05-16 14:45 ` [PATCH v5 14/21] evm: add evm_inode_post_init call in jffs2 Mimi Zohar
2011-05-16 14:45 ` [PATCH v5 15/21] evm: add evm_inode_post_init call in jfs Mimi Zohar
2011-05-16 14:45 ` [PATCH v5 16/21] evm: add evm_inode_post_init call in xfs Mimi Zohar
2011-05-16 14:45 ` [PATCH v5 17/21] evm: additional parameter to pass integrity cache entry 'iint' Mimi Zohar
2011-05-16 14:45 ` [PATCH v5 18/21] evm: evm_verify_hmac must not return INTEGRITY_UNKNOWN Mimi Zohar
2011-05-16 14:45 ` [PATCH v5 19/21] evm: replace hmac_status with evm_status Mimi Zohar
2011-05-16 14:45 ` [PATCH v5 20/21] evm: permit only valid security.evm xattrs to be updated Mimi Zohar
2011-05-16 14:45 ` [PATCH v5 21/21] evm: add evm_inode_setattr to prevent updating an invalid security.evm Mimi Zohar
2011-05-19 0:25 ` [PATCH v5 00/21] EVM Andrew Morton
2011-05-19 1:51 ` Mimi Zohar
2011-05-20 0:51 ` James Morris
2011-05-20 1:07 ` Mimi Zohar
2011-05-20 13:06 ` David Safford
2011-05-20 14:13 ` Casey Schaufler
2011-05-26 6:08 ` Pavel Machek
2011-05-26 16:34 ` Casey Schaufler
2011-05-26 18:11 ` David Safford
2011-05-26 18:38 ` Pavel Machek
2011-05-26 19:30 ` Casey Schaufler
2011-05-26 20:02 ` Pavel Machek
2011-05-26 20:32 ` Casey Schaufler [this message]
2011-05-26 19:49 ` Mimi Zohar
2011-05-26 20:17 ` Pavel Machek
2011-05-27 17:45 ` David Safford
2011-05-29 6:58 ` Pavel Machek
2011-05-31 12:05 ` Mimi Zohar
2011-05-31 13:40 ` Valdis.Kletnieks
2011-06-01 22:11 ` Dmitry Kasatkin
2011-05-20 18:50 ` Serge E. Hallyn
2011-05-23 22:09 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4DDEB8DC.5070908@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=akpm@linux-foundation.org \
--cc=dmitry.kasatkin@nokia.com \
--cc=greg@kroah.com \
--cc=jmorris@namei.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=pavel@ucw.cz \
--cc=safford@watson.ibm.com \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox