Date:      Mon, 9 Feb 2009 15:30:33 -0800 (PST)
From:      Lyndon Nerenberg <lyndon@orthanc.ca>
To:        Daniel Roethlisberger <daniel@roe.ch>
Cc:        Jason Stone <freebsd-security@dfmm.org>, freebsd-security@freebsd.org
Subject:   Re: OPIE considered insecure
Message-ID:  <alpine.BSF.2.00.0902091519580.61088@mm.orthanc.ca>
In-Reply-To: <20090209224806.GB63675@hobbes.ustdmz.roe.ch>
References:  <200902090957.27318.mail@maxlor.com> <20090209170550.GA60223@hobbes.ustdmz.roe.ch> <alpine.BSF.2.00.0902091246280.61088@mm.orthanc.ca> <20090209134738.G15166@treehorn.dfmm.org> <alpine.BSF.2.00.0902091402040.61088@mm.orthanc.ca> <20090209224806.GB63675@hobbes.ustdmz.roe.ch>

> My use case is primarily to log in from highly untrusted and
> malware infested systems.  OPIE has been a usable solution to
> that problem.  I'm primarily worried about keyloggers and USB
> memory stick content dumpers.  OPIE fits that bill quite well.

It does, but *only* if you are running your own trusted ssh binary. 
Preferably one that is statically linked, but even then you're subject to 
the kernel-based keystroke logging.

From what you're describing, I would be more inclined to carry a bootable
OS on that USB stick and reboot into that. I have systems running OpenBSD 
that boot and run from 2GB USB sticks. There's no reason you couldn't do 
the same with FreeBSD.

--lyndon

   The longest UNIX error code is ENAMETOOLONG.


