Date: Tue, 12 Mar 2002 00:04:17 -0800 From: "Crist J. Clark" <cjc@FreeBSD.ORG> To: Patrick Thomas <root@utility.clubscholarship.com> Cc: freebsd-hackers@FreeBSD.ORG, freebsd-emulation@FreeBSD.ORG Subject: Re: cryptography implications (privacy) of FreeBSD jail ? Message-ID: <20020312000417.F29705@blossom.cjclark.org> In-Reply-To: <20020311161036.B69654-100000@utility.clubscholarship.com>; from root@utility.clubscholarship.com on Mon, Mar 11, 2002 at 04:13:16PM -0800 References: <20020311161036.B69654-100000@utility.clubscholarship.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Mar 11, 2002 at 04:13:16PM -0800, Patrick Thomas wrote:
>
> Let's say I am running in a jail, and say 5 other people are running in
> other, seperate jails on the same machine.
>
> Now lets say I start up pgp, and generate my keys, and generally use pgp
> through the command line in my jail. Or, instead of pgp I do other crypto
> related sensitive activities...
>
> what is my risk here ? Can someone either on the host machine or in one
> of the other jails watch memory on the machine and discern things like my
> keys or passphrases or have very easy access to the data I am decrypting ?
As always, root on the host ownz you. root in your jail probably does
too. If the jails are set up "promiscuously," I can think of ways
users in other jails could get information, but if they are set up
well, I don't see any straightforward attacks. But I haven't done
exhaustive research.
--
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-emulation" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020312000417.F29705>