Re: Developer security questions.
> I have some questions regarding security.
>
> Is it possible for someone, if they gained root on my workstation, to
> make a copy of my .pgp/ and .ssh/ directories, then use those from
> anywhere on the net to log into master.debian.org, or sign a package
> or email?
>
> I don't think this happened... but wonder if it could.
>
> What should I know about this?
One developer recently described his PGP key handling: he keeps it on
physically secure removable read-only media. When he wishes to use
it, he physically disconnects his machine from any networks, cold
reboots it from a known good read-only boot media, then connects the
PGP key-containing media, signs whatever needs signing and removes the
key-containing media. I don't recall whether or not he reboots the
machine again before reconnecting to the network. But it's a sure way
not to have your PGP key stolen.
With lesser precautions, it is possible for a root exploit to gain
your PGP key. But without your passphrase, they will not be able to
use it. This is the weakest part of the system: a weak passphrase
will allow your key to be broken with ease if it is caught.
But worse: a root exploit could allow the intruder to replace your PGP
binary with a trojan version which could do any number of nasty
things. To detect this, you want something such as tripwire.
As far as ssh goes, if your ssh identity is stored as an authorized
key on master, then it will be usable, otherwise, they'll still need a
password.
Basically, if a seriously-minded cracker performs a root exploit on
your machine, then you have a large number of serious problems. But
you can reduce the PGP one by the above method. ;)
Julian
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Julian Gilbey, Dept of Maths, QMW, Univ. of London. J.D.Gilbey@qmw.ac.uk
Debian GNU/Linux Developer, see http://www.debian.org/~jdg
Reply to: