tech-kern archive


Re: remote kernel debugging over a network
On Sun, Jun 06, 2010 at 12:02:18PM +0300, Jordan Gordeev wrote:
> Thor Lancelot Simon wrote:
>> IPKDB used a custom MD5-based packet hash for "security".  I actually
>> think it would probably be very easy to support a single IPsec ESP
>> security association instead.  The hair with IPsec is all with key
>> negotiation.  Don't bother, and don't do some things like replay
>> protection, and ESP is a very simple, compact little shim layer on IP.
>>
> ESP requires a random-number generator with cryptographic quality. I'm
> not sure we can provide that in the limited environment of the kernel
> debugger.

A) The claim is false.  As Steve pointed out, key negotiation is not part
   of ESP.

B) If you're talking about IV generation, it's trivial to provide one
   of the small keystream generators, keyed from wherever at subsystem
   startup, and use that.  Even if you're going for totally self-contained
   code that never calls into even libkern once it's started up, a stream
   cipher for IV generation isn't going to break the bank.

Thor

