"Stateless Linux" project
Kyrre Ness Sjobak
kyrre at solution-forge.net
Tue Sep 14 20:23:05 UTC 2004
Tue, 14.09.2004 at 18:45, Steve Coleman wrote:
> John Hearns john.hearns-at-clustervision.com |fedora| wrote:
>
> > My contention is that the MAC is the only 'key' at this
> > stage.
>
> I was just basically saying to make sure security is thought about early
> in the boot process, or at least as early as possible. Authenticating
> and verifying images can only be done reliably when there is a security
> context of some sort installed already. If there is a way to cache a vpn
> key locally to be used for the initial boot process then spoofing the
> MAC address (think 'script kiddies' here) would do you little good. That
> of course assumes a way to cache the key across instances of the OS, but
> they did mention that local caching was a goal of the proposed system.
>
> If a locally cached key is not configured/available then using the
> hardware MAC is the best you can do and it should fall back to the mode
> that you suggested. But having the key cached locally could essentially
> do what M$ Palladium(tm) aimed to do by verifying the runtime boot
> images first and giving you a verifiable core memory image free of
> network delivered rootkits etc. If someone chose to enable that extra
> security feature then they could be reasonably ensured that *every*
> machine in their domain is not running a hacked image. If one delivered
> image is hacked then they all might be, and how would you know which?
> The verified memory image would then go on to verify that the rest of
> the system security is also sound, like to the SELinux level if it is
> configured that way. Not everyone needs this kind of setup, but some do.
>
> > Speaking as someone who looks after a Mosix cluster,
> > from what I've read I doubt Mosix will ever make it into
> > the official Linux kernel.
>
> As for Mosix I am likely putting my foot in my mouth, as I never used
> it. I do fault tolerant distributed processing but I do customized
> applications for research purposes. I do however like the ideas that
> Mosix is trying to achieve. I have had to build a system much like that
> myself and appreciate how nice it would be to have those features
> available on every machine by default.
>
> I would love to hear more of your thoughts about Mosix off line if you
> have a few minutes to spare. ;)
>
> Other than that I was just rambling on. - lol
>
> Steve Coleman
> http://www jhuapl edu/
> steve.coleman [atsign] jhuapl [adot] edu
One way to cache VPN keys locally (and other stuff) would be to mount
/etc on a flash-disk. But that might again defeat the whole purpose of
this stuff...