Re: OpenSSH uploaded replacing ssh, please test

To: Jules Bean <jmlb2@hermes.cam.ac.uk>
Cc: Tommi Virtanen <tv@debian.org>, debian-devel@lists.debian.org
Subject: Re: OpenSSH uploaded replacing ssh, please test
From: David Benson <daveb@idealab.com>
Date: Thu, 4 Nov 1999 15:31:05 -0800 (PST)
Message-id: <Pine.LNX.4.10.9911041525100.19758-100000@luca.hivemind.idealab.com>
In-reply-to: <Pine.SOL.4.10a.9911042309270.17870-100000@red.csi.cam.ac.uk>

> 
> ObOnTopic: This thread is drifting off topic. My personal feeling is that
> these fundamental ideas about security are relevant to debian development
> as a whole, and hence OK.  I hope you agree :)
> 
> How does this help?  Pages written to disk can only be accessed by people
> with root access.  And if you don't trust root on a given machine, you're
> lost anyway (they could easily, for example, replace gpg or ssh with a
> trojan).  Have I missed something?
> 
> Jules

I someone later actually physically got possession of
your disk drive they might be able to get old data off
the disk.  This (somewhat unlikely) situation is the only
relevant one (since root can just as easily peek around disk or
memory).

The reason the program must have root priviledge is that
allocating all the memory as non-swappable will probably
render the system unusable.

On linux-kernel it was once proposed to make a per-user pool of
non-swappable memory.  Probably too kludgey for the kernel...

- Dave

Reply to:

References:
- Re: OpenSSH uploaded replacing ssh, please test
  - From: Jules Bean <jmlb2@hermes.cam.ac.uk>

Prev by Date: Re: Giving away all my packages
Next by Date: Re: Giving away all my packages
Previous by thread: Re: OpenSSH uploaded replacing ssh, please test
Next by thread: Re: OpenSSH uploaded replacing ssh, please test
Index(es):
- Date
- Thread