<kristianpaul>
evening? :)
<viric>
hello
<viric>
is there any linux setting that may avoid access to kernel memory even for the root user? No /dev/mem, no /proc/kcore, ... can it be configured that way?
<viric>
(I wonder if that may disable knowing dmcrypt keys even to someone having root access)
<whitequark>
viric: I think yes
<viric>
/dev/mem and /proc/kcore may be enough?
<whitequark>
there's that secure boot thingy
<viric>
ah. any pointer?
<whitequark>
and it mandates disabling all access to kernel memory for the user. the write one, at least, but I'd guess it will disable read access as well (keys ?)
<whitequark>
hm
<whitequark>
I think it works by making root non-root with selinux
<whitequark>
and, generally, selinux can do that
<viric>
uh, that's too hard-way for my taste.
<whitequark>
lol
<viric>
If it were only /dev/mem and /proc/kcore, it'd be much easier :)
<viric>
how would root read the kernel memory without /dev/mem or /proc/kcore ?
<whitequark>
load a module
<whitequark>
exploit some privileged API, which are usually less well-tested than non-privileged ones
<whitequark>
eg direct rendering stuff
<viric>
ah the modules, yes. I forgot about modules.
<viric>
ok. I was too naive :)
<kyak>
disable module loading
<viric>
and dri, etc.
<roh>
kyak: doesn't help.
<whitequark>
viric: how does an attacker get root on your system?
<whitequark>
physical access?
<viric>
could be.
<viric>
stealing a powered on computer.
<whitequark>
what computer is it?
<viric>
a laptop
<whitequark>
does it have firewire/mini-pci/mini-pcie ports?
<whitequark>
thunderbolt (cough)
<whitequark>
does it have replaceable memory sticks?
<whitequark>
if the answer to either of those is "yes", you're screwed either way
<viric>
:)
<viric>
yes
<viric>
in any case it'd be some kind of targeted attack, if someone wants to get my dmcrypt key :)
* whitequark
nods
<whitequark>
and you miss a crucial point
<mog>
i thought if you have more memory than the dma space that isn't a problem any more?
<whitequark>
if someone needs your key, it's far easier to steal *you* and beat with something steel-y and heavy
<whitequark>
until you tell it
<whitequark>
mog: eh, not really
<viric>
whitequark: yes, the iron up the ass
<whitequark>
viric: are you sure you're not russian? :D
<viric>
whitequark: what's the correct term in Russian? :)
<whitequark>
yes yes, iron. soldering iron to be specific
<whitequark>
mog: you'd input the key at early boot
<whitequark>
so chances that the block with it is allocated in low 4G of RAM are very high
<whitequark>
no, the police ones. they use some pre-made software which just uses pre-existing backdoors or built-in capabilities
<whitequark>
any kind of custom security will mean they either do nothing, or create you personally more problems
<whitequark>
(yes, dm-crypt on a laptop counts as "custom")
<viric>
yes.
<whitequark>
besides, can't you just turn it off :D
<viric>
but it's specially annoying the law things about that
<whitequark>
eh
<whitequark>
schlaw
<viric>
well, encryption is a means to quicker self-destruction
<viric>
to avoid the soldering iron attack
<whitequark>
what's more important to you: your data or your well-being?
<viric>
:)
<whitequark>
and that is a valid question with different answers in different cases, srsly
<viric>
well, I should be able to tell that the laptop wasn't working, or so.
<whitequark>
but I myself would just clean the laptop blank
<viric>
if not, bad. :)
<viric>
clean the laptop when?
<whitequark>
before crossing a border
<viric>
ah ok
<viric>
yes, airports are very frightening places.
<viric>
I could have a 'travelling laptop', not my usual one.
<viric>
whitequark: same with the phone?
<whitequark>
viric: yeah
<whitequark>
re data erasure
<whitequark>
you can send an SSD a TRIM 0:$capacity command in a millisecond
<whitequark>
of course it won't get erased immediately, but I would be really eager to look at any working method of data extraction in such case
<whitequark>
imo, that's still all too theoretical
<whitequark>
it's not hard to defend yourself from a wide-range attack, and if you're targeted personally, you're *really fucked*
<whitequark>
encryption would be your least concern
<whitequark>
I think the most interesting case for strong crypto is a narrow-range attack. say you're a CEO (or a Boeing engineer, etc). you probably carry some interesting stuff, but no one is going after you personally
<whitequark>
i.e. it's opportunistic
<viric>
Yes.
<viric>
even not being a CEO, if someone steals my disks, I'd feel better if they were encrypted.
* whitequark
nods
<viric>
so that's the main purpose. and in some kind of targeted attacks, that can also help
<viric>
only some kind :)
<whitequark>
such as?
<viric>
maybe some dumb acquaintance, that wants to annoy me
<whitequark>
right