From owner-freebsd-emulation  Tue Mar 12  0: 4:26 2002
Delivered-To: freebsd-emulation@freebsd.org
Received: from rwcrmhc53.attbi.com (rwcrmhc53.attbi.com [204.127.198.39])
	by hub.freebsd.org (Postfix) with ESMTP
	id 338CC37B400; Tue, 12 Mar 2002 00:04:23 -0800 (PST)
Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc53.attbi.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP
          id <20020312080417.DGYJ2951.rwcrmhc53.attbi.com@blossom.cjclark.org>;
          Tue, 12 Mar 2002 08:04:17 +0000
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.6) id g2C84Hu31718;
	Tue, 12 Mar 2002 00:04:17 -0800 (PST)
	(envelope-from cjc)
Date: Tue, 12 Mar 2002 00:04:17 -0800
From: "Crist J. Clark" <cjc@FreeBSD.ORG>
To: Patrick Thomas <root@utility.clubscholarship.com>
Cc: freebsd-hackers@FreeBSD.ORG, freebsd-emulation@FreeBSD.ORG
Subject: Re: cryptography implications (privacy) of FreeBSD jail ?
Message-ID: <20020312000417.F29705@blossom.cjclark.org>
References: <20020311161036.B69654-100000@utility.clubscholarship.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20020311161036.B69654-100000@utility.clubscholarship.com>; from root@utility.clubscholarship.com on Mon, Mar 11, 2002 at 04:13:16PM -0800
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-emulation@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-emulation.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-emulation>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-emulation>
X-Loop: FreeBSD.org

On Mon, Mar 11, 2002 at 04:13:16PM -0800, Patrick Thomas wrote:
> 
> Let's say I am running in a jail, and say 5 other people are running in
> other, seperate jails on the same machine.
> 
> Now lets say I start up pgp, and generate my keys, and generally use pgp
> through the command line in my jail.  Or, instead of pgp I do other crypto
> related sensitive activities...
> 
> what is my risk here ?  Can someone either on the host machine or in one
> of the other jails watch memory on the machine and discern things like my
> keys or passphrases or have very easy access to the data I am decrypting ?

As always, root on the host ownz you. root in your jail probably does
too. If the jails are set up "promiscuously," I can think of ways
users in other jails could get information, but if they are set up
well, I don't see any straightforward attacks. But I haven't done
exhaustive research.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-emulation" in the body of the message