[Cryptography] Usable Security Based On Sufficient Endpoint-Specific Unpredictability

Ray Dillinger bear at sonic.net
Sun Oct 11 15:32:59 EDT 2015



On 10/11/2015 03:32 AM, Ralf Senderek wrote:

> Malware that has got read access as the root user could read any file or
> information on the endpoint device, but as the production of the password
> requires execute permission, all secret information secured with this
> password is still safe until execute permission is gained.
> 
> Everything short of running code as root should not compromise the protected
> information. If such a secret-producing process existed it would be a
> substitution for user provided passwords and would increase the usability
> of crypto considerably.


Read those two paragraphs again and ask yourself why execute
permission as root would be required to reveal the secret.
The point is that the malware is already executing (as the
user); it doesn't need to get root execute privileges if
it has root read privileges.

If the malware can read with root privilege then it can read
executable code with root privilege.  And if it can read
executable code with root privilege, and it is already executing,
then it can execute that code, if in no other way, then by
using, e.g., a Bochs machine or the equivalent built into
the malware.

What it comes down to is that you can't rely on execute
privilege alone to protect secrets.  For example, if
execution of some program as root can give the number 54,
then any process that has root-level read privileges can
perform the computation to get that number, whether they
run the computation as root or as some other user.

You may rely on execute privilege to prevent particular
usage of those non-secrets, however.  For example, only a
root process could take that number, turn around, and
open a connection on port 54.

				Bear
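
The point made in the reply above, as a small runnable sketch (an added example, not part of the original post or thread). It assumes a POSIX system with `/bin/sh`; the file name `derive-secret`, the constructed program that prints 54, and the use of mode 0400 as a stand-in for "read access without execute access" are all illustrative choices.

```python
import os
import stat
import subprocess
import tempfile

# Constructed stand-in for the "secret-producing" program: deterministic,
# no input besides its own code; it yields the post's example number, 54.
PROGRAM = "#!/bin/sh\necho $((6 * 9))\n"


def demo():
    """Return (direct_exec_allowed, value_recovered_with_read_access_only)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "derive-secret")  # hypothetical file name
        with open(path, "w") as f:
            f.write(PROGRAM)
        os.chmod(path, stat.S_IRUSR)  # mode 0400: readable, no execute bit

        # 1. Asking the kernel to execute the file is refused (EACCES).
        try:
            subprocess.run([path], check=True, capture_output=True)
            direct_exec_allowed = True
        except PermissionError:
            direct_exec_allowed = False

        # 2. Read access suffices: hand the bytes to an interpreter the
        #    reading process already controls and repeat the computation.
        with open(path, "rb") as f:
            code = f.read()
        out = subprocess.run(["/bin/sh"], input=code,
                             capture_output=True, check=True)
        return direct_exec_allowed, int(out.stdout)


if __name__ == "__main__":
    allowed, value = demo()
    print("direct execution allowed:", allowed)
    print("value recovered by reading the code:", value)
```

The execute bit controlled only whether the kernel would start the file as a process; the value it computes was available to anything that could read it.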
