[lug] Protecting filesystems [Was: R00tKIT!! Raah!]

Zan Lynx zlynx at acm.org
Wed Jun 15 12:12:07 MDT 2005


On Wed, 2005-06-15 at 12:03 -0600, D. Stimits wrote:
> One problem is that even if you do something like run entirely from a CD 
> distro, they *can* still exploit it...but the exploits are in ram. When 
> you reboot it, the exploit is erased, you essentially have a new 
> install. But that new install is still vulnerable and they can do it 
> again as soon as reboot is done. Certainly you need to protect the 
> filesystem, but making it read-only is only a partial solution if the 
> attacker is a persistent non-script-kiddie. Sometimes I think it would 
> be nice to have the system ram itself somehow loopback encrypted, right 
> down to the last byte of memory...but that would probably require 
> hardware support and I have no idea how it could be done even with that.

Right...for that you want Trusted Computing.  With CPU support, you load
the key into the CPU from the crypto hardware chip, which produces the
key out of its internal private key and the provided public key and also
verifies the CPU is executing in a trusted context...perhaps the
instruction pointer has to be located inside a RAM page that has the
correct checksum or perhaps the executing RAM page *is* the public key.
-- 
Zan Lynx <zlynx at acm.org>
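
The key-release idea in the reply above, as an added example (not part of the original message, and not how any particular chip implements it): a simplified software model in which the chip's internal secret and a checksum of the executing RAM page together determine the key, so a modified page cannot recover sealed data. The names CHIP_SECRET, measure, derive_key, seal and unseal are hypothetical, and HMAC-SHA-256 stands in for the chip's private-key operation.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the secret that never leaves the crypto chip.
CHIP_SECRET = b"constructed-demo-secret-not-a-real-key"
PAGE_SIZE = 4096


def measure(page):
    """Checksum of the executing RAM page (SHA-256 over the zero-padded page)."""
    if len(page) > PAGE_SIZE:
        raise ValueError("page larger than PAGE_SIZE")
    return hashlib.sha256(page.ljust(PAGE_SIZE, b"\x00")).digest()


def derive_key(page, public_input):
    """Key = HMAC(chip secret, page checksum || provided public value).

    Assumption: HMAC models the chip combining its internal key with the
    public value; real hardware would do this inside the chip.
    """
    msg = measure(page) + public_input
    return hmac.new(CHIP_SECRET, msg, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    # Toy stream cipher for the demo only: SHAKE-256 keyed by key and nonce.
    return hashlib.shake_256(key + nonce).digest(length)


def seal(page, public_input, data):
    """Encrypt data under the page-bound key; returns (nonce, ciphertext, tag)."""
    key = derive_key(page, public_input)
    nonce = os.urandom(16)
    stream = _keystream(key, nonce, len(data))
    ciphertext = bytes(a ^ b for a, b in zip(data, stream))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce, ciphertext, tag


def unseal(page, public_input, nonce, ciphertext, tag):
    """Return the plaintext, or None when the executing page does not match."""
    key = derive_key(page, public_input)
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # wrong page checksum -> wrong key -> refuse to release
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, stream))
```

In this model a page altered by a single byte derives an unrelated key, so unseal returns None for it even though the sealed blob and the public value are unchanged.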