"Stateless Linux" project

Kyrre Ness Sjobak kyrre at solution-forge.net
Tue Sep 14 20:23:05 UTC 2004


Tue, 14.09.2004 at 18:45, Steve Coleman wrote:
> John Hearns john.hearns-at-clustervision.com |fedora| wrote:
> 
> > My contention is that the MAC is the only 'key' at this
> > stage. 
> 
> I was just basically saying to make sure security is thought about early 
> in the boot process, or at least as early as possible. Authenticating 
> and verifying images can only be done reliably when there is a security 
> context of some sort installed already. If there is a way to cache a vpn 
> key locally to be used for the initial boot process then spoofing the 
> MAC address (think 'script kiddies' here) would do you little good. That 
> of course assumes a way to cache the key across instances of the OS, but 
> they did mention that local caching was a goal of the proposed system.
> 
> If a locally cached key is not configured/available then using the 
> hardware MAC is the best you can do and it should fall back to the mode 
> that you suggested.  But having the key cached locally could essentially 
> do what M$ Palladium(tm) aimed to do by verifying the runtime boot 
> images first and giving you a verifiable core memory image free of 
> network delivered rootkits etc.. If someone chose to enable that extra 
> security feature then they could be reasonably ensured that *every* 
> machine in their domain is not running a hacked image.  If one delivered 
> image is hacked then they all might be, and how would you know which? 
> The verified memory image would then go on to verify that the rest of 
> the system security is also sound, like to the SELinux level if it is 
> configured that way. Not everyone needs this kind of setup, but some do.
> 
>  > Speaking as someone who looks after a Mosix cluster,
>  > from what I've read I doubt Mosix will ever make it into
>  > the official Linux kernel.
> 
> As for Mosix I am likely putting my foot in my mouth, as I never used 
> it. I do fault tolerant distributed processing but I do customized 
> applications for research purposes. I do however like the ideas that 
> Mosix is trying to achieve. I have had to build a system much like that 
> myself and appreciate how nice it would be to have those features 
> available on every machine by default.
> 
> I would love to hear more of your thoughts about Mosix off line if you 
> have a few minutes to spare. ;)
> 
> Other than that I was just rambling on. - lol
> 
> Steve Coleman
> http://www jhuapl edu/
> steve.coleman [atsign] jhuapl [adot] edu
> 
> 
> 
> 

One way to cache VPN keys locally (and other stuff) would be to mount
/etc on a flash-disk. But that might again defeat the whole purpose of
this stuff...
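
The boot-time check discussed in this thread, as an added example that is not part of either message: with a locally cached key the client verifies the delivered image, and without one it falls back to the MAC-only mode and boots unverified. HMAC-SHA256 and all names here are assumptions; the thread names no algorithm or API.

```python
import hashlib
import hmac
from typing import Optional


def image_tag(key: bytes, image: bytes) -> bytes:
    """Tag the image server would publish next to an image (assumed scheme)."""
    return hmac.new(key, image, hashlib.sha256).digest()


def boot_decision(image: bytes, tag: Optional[bytes],
                  cached_key: Optional[bytes]) -> str:
    """Client-side decision for a network-delivered boot image.

    Returns 'verified', 'mac-only' or 'reject'.
    """
    if cached_key is None:
        # No cached key: the MAC address is the only identifier in play,
        # so the image is booted without any integrity check.
        return "mac-only"
    if tag is None:
        # A key is configured but the image carries no tag. Refusing here
        # prevents a silent downgrade to the unverified mode.
        return "reject"
    expected = image_tag(cached_key, image)
    # Constant-time comparison, so timing does not leak the expected tag.
    return "verified" if hmac.compare_digest(expected, tag) else "reject"


# Constructed sample data, not taken from any real system.
KEY = bytes(range(32))
IMAGE = b"constructed-kernel-and-initrd-bytes"
TAMPERED = IMAGE + b"-modified-in-transit"

if __name__ == "__main__":
    good_tag = image_tag(KEY, IMAGE)
    print(boot_decision(IMAGE, good_tag, KEY))     # image matches its tag
    print(boot_decision(TAMPERED, good_tag, KEY))  # image altered after tagging
    print(boot_decision(TAMPERED, None, None))     # no key: nothing is checked
```

The last case shows what the fallback gives up: without the cached key, a modified image is indistinguishable from the genuine one.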




