From mboxrd@z Thu Jan 1 00:00:00 1970
Message-Id: <200305151302.h4FD2m506279@augusta.math.psu.edu>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] Re: Using 9P(2000) in Unix/Linux(/Windows)
In-Reply-To: Your message of "Thu, 15 May 2003 07:04:00 CDT."
From: Dan Cross
Date: Thu, 15 May 2003 09:02:48 -0400
Topicbox-Message-UUID: ac9dfce4-eacb-11e9-9e20-41e7f4b1d025

> > A practical need I have in mind and which prompted me to ask: when
> > booting a CD based 'live' Linux (like Knoppix) on an arbitrary PC
> > machine I'd like to mount my home directory (with all dot filed
> > settings) securely over the Internet.
>
> You'll need to create an encrypted tunnel first. Then the mount should
> behave normally, except it will be even slower ;)

Which is why he's interested in the Plan 9 way of doing things; you kind
of get that for free. Ron's done 9p; the challenge is porting the Plan 9
authentication module to Linux; otherwise, it does the things you
describe as being necessary for security, without storing anything
locally on the CD (so you can lend it out to your heart's content).

> These assume that you are booting the machine from the CD.
>
> If instead you simply want to take an existing Linux machine, slap a CD
> into a drive, and then open a tunnel and mount the drive; calling that
> secure at any point is hopeless with today's technology. The system is
> not securable (i.e. TEMPEST/Van Eck, bus snooping, left behind swap and
> malloc fragments with code/data sitting around, regular archival runs,
> etc.).

Eh? How does booting your own distribution of Linux protect you from
someone using a van Eck device?

> You've got yourself a very! hard problem in the second case.

The hardware based attacks, yes. Someone can always hook a logic probe
up to some random computer and look at stuff going into the memory banks
(potentially they can do that after you're done using the computer and
it's been turned off, too).

But, the crypto/authentication part is a solved problem, just not on the
target platform. At least the filesystem is there.

	- Dan C.