Re: Fwd: Fwd: Getting path in inode_permission

On Wed, 11 Feb 2015 03:42:50 +0530, noyb noybee said:
> Apologies for the late reply.
>

> > Plus the whole passphrase thing is probably equally easy to defeat.  (Hint -
> > how does the passphrase get passed to the kernel in the first place?)
>
> I am planning to create a new system call for that and I am not sure
> how that would be insecure. Please correct me if I am wrong.

You missed the point.  How does the process *securely* get the passphrase
that will be passed into the syscall? (Hint - a keystroke logger is only
the *start* of your problems.  Think about why the kernel module signing
code uses public-key crypto instead of symmetric private keys...)

> What you're saying is definitely simpler than my approach but it
> probably violates some POSIX standards (including chdir in chroot)
> which I don't want to. Also, I aim for my tool to be just a simple
> addendum to the traditional system call rather than adding a
> completely new call to handle the entire process.

The problem with "simple addendum" is that it's *really* hard to get it right.


_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
