[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: User sessions, system request

From: Jonathan S. Shapiro
Subject: Re: User sessions, system request
Date: Wed, 30 Jan 2008 10:50:33 -0500

On Fri, 2008-01-18 at 17:39 +0100, Bas Wijnen wrote:
> Hi,
> It's been a while since anything happened here.  I haven't had any
> comments about my kernel, which I found disappointing (I talked a bit
> about it with Marcus, so I didn't expect new comments from him, but I
> had expected some from others like Jonathan).


I apologize, but (as you have probably figured out) things have been
very hectic, and I really don't have time to look at another kernel
right now.  As I said in my other mail, I think there are some
fundamental problems with trusted path in the session management design
that you have outlined.

Here is a pair of "litmus test" questions:

If I am a user typing in a password,

  1. How does the receiving software know that the password is
     coming from the user, and not from software simulating the user?

  2. How does the user know that the password they type is going
     to software that can be trusted to protect it, rather than
     software that will broadcast the password to the entire world?

Both issues are very difficult, and they both require support from both
hardware and software (in particular, hardware keyboard sniffers are a
serious problem). Both issues tend to prohibit designs in which
arbitrary drivers can be replaced by untrusted users.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]