[Dev] Cynara

Jussi Laako jussi.laako at linux.intel.com
Thu Apr 10 14:49:50 GMT 2014


On 10.4.2014 15:20, Carsten Haitzler (The Rasterman) wrote:
> and what do you do when kernel is malicious (compromised) ? :) or hypervisor?
> again - you have to trust at some point. my point here is the display server is
> an element of a trusted system. and to the original topic - if a user can do
> it, it has access too.

Idea is to split things such way, that compromising component A or B 
doesn't expose A*B=C. You would need to compromise A and B 
simultaneously. And restrict the number, interface and size of the 
components where exploit would grant access to protected data.

Have you seen many malicious exploits out there for IBM's LPAR / z/VM?


Btw, why the heck display server has any access to input methods anyway? 
It's _DISPLAY_ server and not keyboard or mouse server...



More information about the Dev mailing list