Re: [RFC PATCH v5 0/1] Add dm verity root hash pkcs7 sig validation.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Hello Eric,

On Fri, 28 Jun 2019, Eric Biggers wrote:

In a datacenter like environment, this will protect the system from below
attacks:

1.Prevents attacker from deploying scripts that run arbitrary executables on the system.
2.Prevents physically present malicious admin to run arbitrary code on the
  machine.

Regards,
Jaskaran

So you are trying to protect against people who already have a root shell?

Can't they just e.g. run /usr/bin/python and type in some Python code?

Or run /usr/bin/curl and upload all your secret data to their server.

- Eric


You are correct, it would not be feasible for a general purpose distro, but for embedded systems and other cases where there is a more tightly locked-down system.

Regards,
Jaskaran.

--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/dm-devel



[Index of Archives]     [DM Crypt]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite Discussion]     [KDE Users]     [Fedora Docs]

  Powered by Linux