On Fri, 5 Nov 1999, Tommi Virtanen wrote:

> On Thu, Nov 04, 1999 at 12:10:49PM -0500, Daniel Burrows wrote:
> > On Thu, Nov 04, 1999 at 06:36:53PM +0200, Tommi Virtanen was heard to say:
> > >         I am no X expert, but I don't think there's more to do
> > >         than that. Unless you want to lock the pages into memory
> > >         etc..
> >   Actually, I was about to ask whether it's possible to do this (lock memory)
> > without making it suid ;-)
> > 
> >   This would probably be a Good Idea..although if the standard askpass doesn't
> > do it leaving it out for now is probably ok (since you won't be any less secure
> > at any rate..)
>         I believe that would need suid access, which is very
>         inappropriate for Perl/Tk. Quoting gpg(1):
> --8<--
>        On many  systems  this  program  should  be  installed  as
>        setuid(root).  This  is  necessary  to  lock memory pages.
>        Locking memory pages prevents the  operating  system  from
>        writing  memory  pages to disk. If you get no warning
>        message about insecure memory your operating system  supports
>        locking  without being root. The program drops root
>        privileges as soon as locked memory is allocated.
> --8<--

ObOnTopic: This thread is drifting off topic. My personal feeling is that
these fundamental ideas about security are relevant to Debian development
as a whole, and hence OK.  I hope you agree :)

How does this help?  Pages written to disk can only be accessed by people
with root access.  And if you don't trust root on a given machine, you're
lost anyway (they could easily, for example, replace gpg or ssh with a
trojan).  Have I missed something?
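
As an added illustration (not part of the original thread, and not gpg's code), this C sketch follows the pattern the quoted gpg(1) text describes: try to lock the passphrase pages, drop any setuid privilege right afterwards, and treat a failed lock as a warning rather than an error. The names `secret_buf`, `secret_alloc`, `drop_privileges`, `secret_wipe` and `secret_free` are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type: page-aligned buffer for a passphrase. */
struct secret_buf { unsigned char *p; size_t len; int locked; };

/* Map whole pages and try to pin them in RAM; a failed lock is recorded, not fatal. */
static int secret_alloc(struct secret_buf *b, size_t want) {
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0 || want == 0) return -1;
    b->len = (want + (size_t)pg - 1) / (size_t)pg * (size_t)pg;
    void *m = mmap(NULL, b->len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED) return -1;
    b->p = m;
    b->locked = (mlock(b->p, b->len) == 0);  /* may need root or a memlock limit */
    return 0;
}

/* Drop setuid/setgid privileges for good once the lock attempt is done. */
static int drop_privileges(void) {
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0) return -1;
    if (getuid() != 0 && setuid(0) == 0) return -1; /* must not regain root */
    return 0;
}

/* Overwrite through a volatile pointer so the compiler cannot elide the wipe. */
static void secret_wipe(struct secret_buf *b) {
    volatile unsigned char *v = b->p;
    for (size_t i = 0; i < b->len; i++) v[i] = 0;
}

/* Wipe first, then unlock and unmap, so no plaintext outlives the lock. */
static void secret_free(struct secret_buf *b) {
    secret_wipe(b);
    if (b->locked) munlock(b->p, b->len);
    munmap(b->p, b->len);
    b->p = NULL;
}

int main(void) {
    struct secret_buf b;
    if (secret_alloc(&b, 256) != 0 || drop_privileges() != 0) return 1;
    if (!b.locked) fputs("warning: passphrase pages are not locked\n", stderr);
    secret_free(&b); /* the passphrase would be read into b.p and used before this */
    return 0;
}
```
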


