ssh - no added security?
Ronan KERYELL
Ronan.Keryell at enst-bretagne.fr
Wed Mar 26 19:45:53 CET 2003
>>>>> On Tue, 25 Mar 2003 17:09:39 +0100, Sune Rastad Bahn <srb at dmi.dk> said:
Sune> Another problem is that it is the kernel which mounts the
Sune> nfsroot. So, either you have to compile the encryption into the
Sune> kernel or make a very large initrd so you can start up ssh from
Sune> that. Anyway you still have the problem that the kernel is from
Sune> tftp which as the name says is a very trivial (and hence very
Sune> insecure) protocol, leaving plenty of space for an attacker to
Sune> fool your machine into using his kernel instead of your own. You
Sune> have to figure out some very clever boot process to avoid that!
Sune> Basically you need to have security built in already in the boot
Sune> process, which means no PXE/dhcp, no bootp etc.. you'll probably
Sune> end up booting from a cd... so why use fai in the first place?
Adding a digital signature to dhcp using an optional field could be
possible plus some ciphered information in other fields.
Enough to boot a kernel with IPsec in it.
Well, where does the initial secret key come from at boot? Hum, TCPA or
some other stuff is a beginning... :-) Just a specialized PXE rom or BIOS
could do the job if we don't think the intruder will use a logic analyzer
against the client. :-)
For more French paranoid: http://www.lit.enstb.org/~keryell/publications/ENSTBr_INFO_2001-001
but the bibliography points to some English papers.
--
Ronan KERYELL |\/ Tel: (+33|0) 2.29.00.14.15
Labo Informatique Télécom |/) Fax: (+33|0) 2.29.00.12.82
ENST Bretagne, BP832 K GSM: (+33|0) 6.13.14.37.66
29285 PLOUZANE CEDEX |\ E-mail: Ronan.Keryell at enst-bretagne.fr
FRANCE | \ http://www.lit.enstb.org/~keryell
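
The idea sketched in the reply above (an authentication value carried in a DHCP option, covering the boot parameters so that a kernel fetched over TFTP can be checked before it is used), as an added example that is not part of the original post or of FAI. It uses an HMAC with a pre-shared key in place of a public-key signature; the option codes 224 and 225, the key and the sample reply are assumptions constructed for illustration.

```python
import hashlib
import hmac

OPT_PAD, OPT_BOOTFILE, OPT_END = 0, 67, 255  # standard DHCP option codes
OPT_KERNEL_HASH = 224  # assumption: site-specific code, SHA-256 of the kernel
OPT_AUTH_TAG = 225     # assumption: site-specific code, HMAC over other options

def parse_options(raw: bytes) -> dict:
    """Parse code/length/value options; reject truncated or duplicate ones."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == OPT_END:
            return opts
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("truncated option")
        if code in opts:
            raise ValueError("duplicate option")
        opts[code] = raw[i + 2:i + 2 + raw[i + 1]]
        i += 2 + raw[i + 1]
    raise ValueError("missing END option")

def encode_options(opts: dict) -> bytes:
    """Canonical encoding: options sorted by code, then END."""
    body = b"".join(bytes([c, len(v)]) + v for c, v in sorted(opts.items()))
    return body + bytes([OPT_END])

def tag_for(key: bytes, opts: dict) -> bytes:
    covered = {c: v for c, v in opts.items() if c != OPT_AUTH_TAG}
    return hmac.new(key, encode_options(covered), hashlib.sha256).digest()

def sign_options(key: bytes, opts: dict) -> bytes:
    return encode_options({**opts, OPT_AUTH_TAG: tag_for(key, opts)})

def verify_boot(key: bytes, raw: bytes, kernel: bytes) -> str:
    """Return the boot file name only if the tag and kernel hash both match."""
    opts = parse_options(raw)
    if not hmac.compare_digest(opts.get(OPT_AUTH_TAG, b""), tag_for(key, opts)):
        raise ValueError("bad or missing authentication tag")
    digest = hashlib.sha256(kernel).digest()
    if not hmac.compare_digest(opts.get(OPT_KERNEL_HASH, b""), digest):
        raise ValueError("kernel does not match the authenticated hash")
    return opts.get(OPT_BOOTFILE, b"").decode()

# Constructed sample data, not taken from the post.
KEY, KERNEL = b"constructed-demo-key", b"constructed kernel image"
REPLY = sign_options(KEY, {OPT_BOOTFILE: b"vmlinuz-install",
                           OPT_KERNEL_HASH: hashlib.sha256(KERNEL).digest()})
```

The tag carries no nonce or counter, so a recorded reply stays valid until the key or the kernel changes, and the key itself still has to reach the client by some trusted path, which is the question the post raises.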