From owner-freebsd-security@FreeBSD.ORG  Mon Feb  9 23:31:54 2009
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id C0E7F106582A
	for <freebsd-security@freebsd.org>;
	Mon,  9 Feb 2009 23:30:49 +0000 (UTC)
	(envelope-from lyndon@orthanc.ca)
Received: from orthanc.ca (orthanc.ca [208.86.224.138])
	by mx1.freebsd.org (Postfix) with ESMTP id 79C408FC2B
	for <freebsd-security@freebsd.org>;
	Mon,  9 Feb 2009 23:30:49 +0000 (UTC)
	(envelope-from lyndon@orthanc.ca)
Received: from mm.wbb.net.cable.rogers.com (mm.wbb.net.cable.rogers.com
	[74.210.92.229]) (authenticated bits=0)
	by orthanc.ca (8.14.3/8.14.3) with ESMTP id n19NUdro093324
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Mon, 9 Feb 2009 15:30:42 -0800 (PST)
	(envelope-from lyndon@orthanc.ca)
Date: Mon, 9 Feb 2009 15:30:33 -0800 (PST)
From: Lyndon Nerenberg <lyndon@orthanc.ca>
To: Daniel Roethlisberger <daniel@roe.ch>
In-Reply-To: <20090209224806.GB63675@hobbes.ustdmz.roe.ch>
Message-ID: <alpine.BSF.2.00.0902091519580.61088@mm.orthanc.ca>
References: <200902090957.27318.mail@maxlor.com>
	<20090209170550.GA60223@hobbes.ustdmz.roe.ch>
	<alpine.BSF.2.00.0902091246280.61088@mm.orthanc.ca>
	<20090209134738.G15166@treehorn.dfmm.org>
	<alpine.BSF.2.00.0902091402040.61088@mm.orthanc.ca>
	<20090209224806.GB63675@hobbes.ustdmz.roe.ch>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
Organization: The Frobozz Magic Homing Pigeon Company
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham
	version=3.2.5
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on orthanc.ca
Cc: Jason Stone <freebsd-security@dfmm.org>, freebsd-security@freebsd.org
Subject: Re: OPIE considered insecure
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Feb 2009 23:32:27 -0000

> My use case is primarily to log in from highly untrusted and
> malware infested systems.  OPIE has been a usable solution to
> that problem.  I'm primarily worried about keyloggers and USB
> memory stick content dumpers.  OPIE fits that bill quite well.

It does, but *only* if you are running your own trusted ssh binary. 
Preferably one that is statically linked, but even then you're subject to 
the kernel-based keystroke logging.

>From what you're describing, I would be more inclined to carry a bootable 
OS on that USB stick and reboot into that. I have systems running OpenBSD 
that boot and run from 2GB USB sticks. There's no reason you couldn't do 
the same with FreeBSD.

--lyndon

   The longest UNIX error code is ENAMETOOLONG.