DocScrutinizer05 changed the topic of #qi-hardware to: Copyleft hardware - http://qi-hardware.com | hardware hackers join here to discuss Ben NanoNote, atben / atusb 802.15.4 wireless, and other community driven hw projects | public logging at http://en.qi-hardware.com/irclogs and http://irclog.whitequark.org/qi-hardware
<kristianpaul> evening? :)
<viric> hello
<viric> is there any linux setting that may avoid access to kernel memory even for the root user? No /dev/mem, no /proc/kcore, ... can it be configured that way?
<viric> (I wonder if that may disable knowing dmcrypt keys even to someone having root access)
<whitequark> viric: I think yes
<viric> /dev/mem and /proc/kcore may be enough?
<whitequark> there's that secure boot thingy
<viric> ah. any pointer?
<whitequark> and it mandates disabling all access to kernel memory for the user. the write one, at least, but I'd guess it will disable read access as well (keys ?)
<whitequark> hm
<whitequark> I think it works by making root non-root with selinux
<whitequark> and, generally, selinux can do that
<viric> uh, that's too hard-way for my taste.
<whitequark> lol
<viric> If it were only /dev/mem and /proc/kcore, it'd be much easier :)
<viric> how would root read the kernel memory without /dev/mem or /proc/kcore ?
<whitequark> load a module
<whitequark> exploit some privileged APIs, which are usually less well-tested than non-privileged ones
<whitequark> eg direct rendering stuff
<viric> ah the modules, yes. I forgot about modules.
<viric> ok. I was too naive :)
<kyak> disable module loading
<viric> and dri, etc.
<roh> kyak: doesn't help.
<whitequark> viric: how does an attacker get root on your system?
<whitequark> physical access?
<viric> could be.
<viric> stealing a powered on computer.
<whitequark> what computer is it?
<viric> a laptop
<whitequark> does it have firewire/mini-pci/mini-pcie ports?
<whitequark> thunderbolt (cough)
<whitequark> does it have replaceable memory sticks?
<whitequark> if the answer to either of those is "yes", you're screwed either way
<viric> :)
<viric> yes
<viric> in any case it'd be some kind of targeted attack, if someone wants to get my dmcrypt key :)
* whitequark nods
<whitequark> and you miss a crucial point
<mog> i thought if you have more memory than the dma space that isn't a problem any more?
<whitequark> if someone needs your key, it's far easier to steal *you* and beat with something steel-y and heavy
<whitequark> until you tell it
<whitequark> mog: eh, not really
<viric> whitequark: yes, the iron up the ass
<whitequark> viric: are you sure you're not russian? :D
<viric> whitequark: what's the correct term на русском? :)
<whitequark> yes yes, iron. soldering iron to be specific
<whitequark> mog: you'd input the key at early boot
<whitequark> so chances that the block with it is allocated in low 4G of RAM are very high
<whitequark> *enter
<whitequark> yes
<whitequark> those guys don't have a clue
<viric> the press people?
<whitequark> no, the police ones. they use some pre-made software which just uses pre-existing backdoors or built-in capabilities
<whitequark> any kind of custom security will mean they either do nothing, or create you personally more problems
<whitequark> (yes, dm-crypt on a laptop counts as "custom")
<viric> yes.
<whitequark> besides, can't you just turn it off :D
<viric> but it's especially annoying the law things about that
<whitequark> eh
<whitequark> schlaw
<viric> well, encryption is a means to quicker self-destruction
<viric> to avoid the soldering iron attack
<whitequark> what's more important to you: your data or your well-being?
<viric> :)
<whitequark> and that is a valid question with different answers in different cases, srsly
<viric> well, I should be able to tell that the laptop wasn't working, or so.
<whitequark> but I myself would just clean the laptop blank
<viric> if not, bad. :)
<viric> clean the laptop when?
<whitequark> before crossing a border
<viric> ah ok
<viric> yes, airports are very frightening places.
<viric> I could have a 'travelling laptop', not my usual one.
<viric> whitequark: same with the phone?
<whitequark> viric: yeah
<whitequark> re data erasure
<whitequark> you can send an SSD a TRIM 0:$capacity command in a millisecond
<whitequark> of course it won't get erased immediately, but I would be really eager to look at any working method of data extraction in such case
<whitequark> imo, that's still all too theoretical
<whitequark> it's not hard to defend yourself from a wide-range attack, and if you're targeted personally, you're *really fucked*
<whitequark> encryption would be your least concern
<whitequark> I think the most interesting case for strong crypto is a narrow-range attack. say you're a CEO (or a Boeing engineer, etc). you probably carry some interesting stuff, but no one is going after you personally
<whitequark> i.e. it's opportunistic
<viric> Yes.
<viric> even not being a CEO, if someone steals my disks, I'd feel better if they were encrypted.
* whitequark nods
<viric> so that's the main purpose. and in some kind of targeted attacks, that can also help
<viric> only some kind :)
<whitequark> such as?
<viric> maybe some dumb acquaintance, that wants to annoy me
<whitequark> right