Date: Tue, 12 Mar 2002 00:04:17 -0800 From: "Crist J. Clark" <cjc@FreeBSD.ORG> To: Patrick Thomas <root@utility.clubscholarship.com> Cc: freebsd-hackers@FreeBSD.ORG, freebsd-emulation@FreeBSD.ORG Subject: Re: cryptography implications (privacy) of FreeBSD jail ? Message-ID: <20020312000417.F29705@blossom.cjclark.org> In-Reply-To: <20020311161036.B69654-100000@utility.clubscholarship.com>; from root@utility.clubscholarship.com on Mon, Mar 11, 2002 at 04:13:16PM -0800 References: <20020311161036.B69654-100000@utility.clubscholarship.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Mar 11, 2002 at 04:13:16PM -0800, Patrick Thomas wrote: > > Let's say I am running in a jail, and say 5 other people are running in > other, seperate jails on the same machine. > > Now lets say I start up pgp, and generate my keys, and generally use pgp > through the command line in my jail. Or, instead of pgp I do other crypto > related sensitive activities... > > what is my risk here ? Can someone either on the host machine or in one > of the other jails watch memory on the machine and discern things like my > keys or passphrases or have very easy access to the data I am decrypting ? As always, root on the host ownz you. root in your jail probably does too. If the jails are set up "promiscuously," I can think of ways users in other jails could get information, but if they are set up well, I don't see any straightforward attacks. But I haven't done exhaustive research. -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020312000417.F29705>