Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 12 Mar 2002 00:04:17 -0800
From:      "Crist J. Clark" <cjc@FreeBSD.ORG>
To:        Patrick Thomas <root@utility.clubscholarship.com>
Cc:        freebsd-hackers@FreeBSD.ORG, freebsd-emulation@FreeBSD.ORG
Subject:   Re: cryptography implications (privacy) of FreeBSD jail ?
Message-ID:  <20020312000417.F29705@blossom.cjclark.org>
In-Reply-To: <20020311161036.B69654-100000@utility.clubscholarship.com>; from root@utility.clubscholarship.com on Mon, Mar 11, 2002 at 04:13:16PM -0800
References:  <20020311161036.B69654-100000@utility.clubscholarship.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Mar 11, 2002 at 04:13:16PM -0800, Patrick Thomas wrote:
> 
> Let's say I am running in a jail, and say 5 other people are running in
> other, seperate jails on the same machine.
> 
> Now lets say I start up pgp, and generate my keys, and generally use pgp
> through the command line in my jail.  Or, instead of pgp I do other crypto
> related sensitive activities...
> 
> what is my risk here ?  Can someone either on the host machine or in one
> of the other jails watch memory on the machine and discern things like my
> keys or passphrases or have very easy access to the data I am decrypting ?

As always, root on the host ownz you. root in your jail probably does
too. If the jails are set up "promiscuously," I can think of ways
users in other jails could get information, but if they are set up
well, I don't see any straightforward attacks. But I haven't done
exhaustive research.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020312000417.F29705>