
Re: Backport of the integer overflow in the brk system call



On Thu, 4 Dec 2003 05:02, Andreas Schuldei <andreas@schuldei.org> wrote:
> * Russell Coker (russell@coker.com.au) [031203 04:03]:
> > I have sent a message to Werner asking if the GPG smart-card device could
> > be re-implemented with a USB interface.  I think that a USB dongle with
> > GPG technology would be a good option as most developers' machines
> > already have USB support.
>
> As discussed in depth in an earlier c't magazine (German), USB is
> not a safe bus to use for security-relevant applications, since
> it allows for recording and playing back of command sequences.

If the protocol for communication with the device is secure then this should 
not be a problem.  If the protocol is bad then intercepting a different 
connection method is not going to be too difficult.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
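
The point made in the reply above, as an added example that is not part of the original message: a recorded frame is accepted again when the protocol is static, but rejected when every command must carry a MAC over a fresh device nonce. The class names, frame format, shared key and HMAC-SHA256 scheme are assumptions made for illustration and are not the OpenPGP smart-card protocol.

```python
import hashlib
import hmac
import secrets


class StaticToken:
    """Weak protocol: the same bytes authorise every operation."""

    def __init__(self, pin: bytes):
        self._pin = pin

    def handle(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, b"VERIFY " + self._pin)


class NonceToken:
    """Each command must carry a MAC over a fresh, single-use device nonce."""

    def __init__(self, key: bytes):
        self._key = key
        self._nonce = None

    def challenge(self) -> bytes:
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def handle(self, command: bytes, tag: bytes) -> bool:
        nonce, self._nonce = self._nonce, None  # a nonce is consumed on use
        if nonce is None:
            return False
        good = hmac.new(self._key, nonce + command, hashlib.sha256).digest()
        return hmac.compare_digest(tag, good)


def demo() -> dict:
    # All values below are constructed sample data.
    static = StaticToken(b"1234")
    seen_on_bus = b"VERIFY 1234"          # frame as recorded from the bus
    results = {"static_replay": static.handle(seen_on_bus)}

    key = secrets.token_bytes(32)
    token = NonceToken(key)
    tag = hmac.new(key, token.challenge() + b"SIGN", hashlib.sha256).digest()
    results["fresh"] = token.handle(b"SIGN", tag)
    results["replay_no_challenge"] = token.handle(b"SIGN", tag)
    token.challenge()                      # device issues a new nonce
    results["replay_new_challenge"] = token.handle(b"SIGN", tag)
    return results


if __name__ == "__main__":
    print(demo())
```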
