Re: Patch for chroot() in 2.5STABLE1

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 4 Oct 2002 01:46:17 +0200

On Thursday 03 October 2002 23.51, Andrew Rucker Jones wrote:

> Theoretical question: If an attack managed to crack Squid, wouldn't
> configuration data and SSL certificates be available to him/her
> anyway? After all, those data have to either be stored in memory or
> Squid has to keep a file descriptor to them, right? Well, i guess
> i'm just thinking in terms of a buffer overflow. Other attacks that
> may be able to reach the filesystem may not be able to reach
> Squid's internals. Hm.

In theory the possibility exists, but it depends on how Squid is being
cracked and how smart the cracker is. Also, often there are many other
components running within the jail such as authentication helpers,
redirectors, external_acl helpers, ... so why take the chance if one
does not need to?

Regarding paranoid SSL key management:

The only way to fully secure SSL keys from crackers is to use a
hardware RSA crypto engine where the keys are kept internally in the
crypto engine only, where the keys are stored in such a way that the key
is automatically destroyed on any attempt at physical tampering with
the crypto hardware, and also requiring physical entry of an unlock
code to activate the keys after power loss.

The hardware crypto engine with internal keys ensures that the key
cannot be stolen by electronic theft without physical access.

The self-destruct on tamper ensures that the key cannot be extracted
from the crypto hardware by physical means.

The requirement of entering an unlock code into the crypto hardware
ensures that the crypto hardware cannot easily be relocated.

Regards
Henrik
Received on Thu Oct 03 2002 - 17:46:27 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:16:52 MST