[sldev] OpenID & SSL certificates
Argent Stonecutter
secret.argent at gmail.com
Mon Oct 1 19:38:24 PDT 2007
On 01-Oct-2007, at 20:09, Ryan McDougall wrote:
> Most linux distro's ship SELinux enabled.
That's nice. Look, I've been working with "better than C2" UNIX for
decades, and none of them implement the kind of mandatory access
control at every level that I'm talking about here. The closer they
get the more of a pain in the ass they are. Maybe one percent of the
people even running SL on Linux are going to bother, and they're the
people who least need it, because Linux users (let alone paranoid
Linux users) aren't the kind of people likely to get phished in the
first place.
> While youre definitely right, there is more than one way to attack a
> crypto binary from a compromised SL viewer,
If you have a compromised SL viewer you don't have to attack
anything. You already have the golden ring, you've won. The goal here
is not protecting the cryptosystem, it's protecting the viewer. The
big sloppy viewer that's using a couple of dozen big sloppy shared
libraries. Once the bad guy has ANY compromised software on your
computer, the viewer is dead meat.
So that's the trick. How do you protect the viewer? Well, one, you
don't require people to run any other big sloppy GUI applications to
use it. Like, you know, a browser?
So...
This doesn't solve the problem that's important to solve, it just
makes it worse, by bringing in a previously unnecessary component...
without actually making the viewer itself any more resistant to
compromise.
You haven't put up another door in front of the valuables, you've
knocked a hole in the wall NEXT to the door that's already there, and
put a really secure door up in its place.
More information about the SLDev
mailing list