root-on-cgd (was: cgd(4) ciphers)

On 10/3/13 12:40 AM, Pierre Pronchery wrote:
> On 30/09/2013 09:37, Jan Danielsson wrote:
>>    But personally, I think that having a good/working root-on-cgd
>> solution should be a far higher priority.
> Just in case you missed it, and I don't claim it is good (and should
> document it) but I have committed a working implementation of
> root-on-cgd a few months ago. It uses init.chroot, [...]

   See -- before that PR I did precisely that [use init.chroot to get a
root-on-cgd]. The problem was that it stopped working (and I heard from
a few others who had run into the same issue, so it wasn't just me.
Though for completeness I mention that I also heard a few "works for
me"). The resulting discussions following the PR made me feel that
init.chroot is flaky.

   I will try my old patches on a netbsd-6 system to see if things have
randomly been fixed, but without looking into the original problem and
seeing that it truly has been fixed, I won't be able to trust it.


