On Tue, Jul 21, 2015 at 9:46 PM, Salz, Rich <rsalz at akamai.com> wrote:
>
> > Actually that isn't quite right. A properly configured and
> > tuned RBAC policy, when combined with PaX, can very effectively limit all
> > userspace activity (including root access!).
>
> How do you know that the module is installed and actually doing things?
> How do you know what kernel is actually booted?
>

Of course you're right. One might also consider attack vectors from an
unsecured BMC or the IME - they probably have undetectable DMA access to the
host, after all. But that isn't the point ... steps can and should be taken
to lock down the host operating system.

> > It helps if you can also use a hardware security module to protect your
> > key material.
>
> How do you know that the operations that YOU request are actually the ones
> being performed? How do you know that the operating system isn't making
> additional requests of its own?
>
> You have to trust root. No two ways about it.
>

The first question has no bearing on the second statement. With or without
grsecurity/selinux, you have no way to guarantee that the kernel is
operating the way you expect it to at any given time. I suppose it boils
down to the threat model. However, limiting root's power is a good idea, and
grsecurity provides an excellent framework in which to do so. Caveat emptor.