From: Dan Cross <cross@math.psu.edu>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] Re: Using 9P(2000) in Unix/Linux(/Windows)
Date: Thu, 15 May 2003 09:02:48 -0400
Message-ID: <200305151302.h4FD2m506279@augusta.math.psu.edu>
In-Reply-To: Your message of "Thu, 15 May 2003 07:04:00 CDT." <Pine.LNX.4.33.0305150650330.7974-100000@einstein.ssz.com>

> > A practical need I have in mind and which prompted me to ask: when
> > booting a CD based 'live' Linux (like Knoppix) on an arbitrary PC
> > machine I'd like to mount my home directory (with all dot file
> > settings) securely over the Internet.
>
> You'll need to create an encrypted tunnel first. Then the mount should
> behave normally, except it will be even slower ;)

Which is why he's interested in the Plan 9 way of doing things; you
kind of get that for free. Ron's done 9p; the challenge is porting
the Plan 9 authentication module to Linux; otherwise, it does the
things you describe as being necessary for security, without storing
anything locally on the CD (so you can lend it out to your heart's
content).

> These assume that you are booting the machine from the CD.
>
> If instead you simply want to take an existing Linux machine, slap a CD
> into a drive, and then open a tunnel and mount the drive; calling that
> secure at any point is hopeless with today's technology. The system is
> not securable (i.e. TEMPEST/Van Eck, bus snooping, left behind swap and
> malloc fragments with code/data sitting around, regular archival runs,
> etc.).

Eh? How does booting your own distribution of Linux protect you from
someone using a van Eck device?

> You've got yourself a very! hard problem in the second case.

The hardware based attacks, yes. Someone can always hook a logic probe
up to some random computer and look at stuff going into the memory
banks (potentially they can do that after you're done using the
computer and it's been turned off, too). But, the
crypto/authentication part is a solved problem, just not on the target
platform. At least the filesystem is there.

- Dan C.