Re: remote kernel debugging over a network

[Steven Bellovin <smb%cs.columbia.edu@localhost>]

On Jun 6, 2010, at 9:54 01AM, Thor Lancelot Simon wrote:

> On Sun, Jun 06, 2010 at 12:02:18PM +0300, Jordan Gordeev wrote:
>> Thor Lancelot Simon wrote:
>>> IPKDB used a custom MD5-based packet hash for "security".  I actually
>>> think it would probably be very easy to support a single IPsec ESP
>>> security association instead.  The hair with IPsec is all with key
>>> negotiation.  Don't bother, and don't do some things like replay
>>> protection, and ESP is a very simple, compact little shim layer on IP.
>>> 
>> ESP requires a random-number generator with cryptographic quality. I'm  
>> not sure we can provide that in the limited environment of the kernel  
>> debugger.
> 
> A) The claim is false.  As Steve pointed out, key negotiation is not part
>   of ESP.
> 
> B) If you're talking about IV generation, it's trivial to provide one
>   of the small keystream generators, keyed from wherever at subsystem
>   startup, and use that.  Even if you're going for totally self-contained
>   code that never calls into even libkern once it's started up, a stream
>   cipher for IV generation isn't going to break the bank.
> 
I must say, though, that the more I think about it, the more I'm concerned 
about replay attacks.  You suggested that ESP replay prevention be disabled, 
and that is in fact consistent with the ESP specs when static keys are used.  I 
think we need to think, hard, about what we want to do here.


                --Steve Bellovin, http://www.cs.columbia.edu/~smb