Re: Linux-NG - security
>From Russell Coker on Sunday, 29 December, 2002:
>TCPA does some of this, but we won't get Linux certified as a TCPA OS. If we
>could hack the TCPA signature code somehow, maybe the next task for
I was thinking of a separate effort, maybe teaming with a hardware security
house, e.g. RSA. I was actually thinking more like a smart card-like
system, where the card actually stores the user creds, contains its own,
and the kernel verifies that it is what it says it is (so you can't just
pop out the card or splice in and pretend to be it) and they verify user
creds without the actual user creds (e.g. password) ever actually going
over the wire or into the kernel (save where the user types it in, and
it immediately gets converted into something else in a one-way process).
>I thought that was part of TCPA. The encryption gets done in hardware in the
>CPU module and you can communicate with it securely. However an application
>running on the local machine can always be molested by the kernel. If you
>can't trust the kernel then the application is not safe.
Indeed. We should make the kernel as secure as possible. The only entity
that should not trust the kernel should be the smart card, and the kernel
shouldn't trust that it hasn't been swapped; it should check. :)
>I can offer a list of things to work on for anyone who's interested. Also
>anyone who wants to help out in SE Linux will be very welcome. There's more
>work in the Debian side of things than Brian and I can handle at the moment.
I'm interested, although my knowledge and time are always very limited.
"I use Linux and it makes me feel safer knowing exactly what security
problems my boxen are facing. If I wanted filtered information or a public
relations a** kissing, I'd use Microsoft products." --dattaway, on /.