[Dev] Cynara

Schaufler, Casey casey.schaufler at intel.com
Thu Apr 10 17:28:25 GMT 2014


> -----Original Message-----
> From: Dev [mailto:dev-bounces at lists.tizen.org] On Behalf Of Jussi Laako
> Sent: Thursday, April 10, 2014 7:50 AM
> To: Carsten Haitzler (The Rasterman)
> Cc: dev at lists.tizen.org
> Subject: Re: [Dev] Cynara
> 
> On 10.4.2014 15:20, Carsten Haitzler (The Rasterman) wrote:
> > and what do you do when kernel is malicious (compromised) ? :) or hypervisor?
> > again - you have to trust at some point. my point here is the display server is
> > an element of a trusted system. and to the original topic - if a user can do
> > it, it has access too.
> 
> The idea is to split things in such a way that compromising component A or B
> doesn't expose A*B=C. You would need to compromise A and B
> simultaneously. And restrict the number, interface and size of the
> components where an exploit would grant access to protected data.

That works so long as A and B are truly distinct. The reality is that
with shared memory transports (and kdbus) and the like isolation
is often illusionary.
 
> Have you seen many malicious exploits out there for IBM's LPAR / z/VM?
> 
> 
> Btw, why the heck display server has any access to input methods anyway?
> It's _DISPLAY_ server and not keyboard or mouse server...

When you move the mouse that little arrow on the screen moves.
You wouldn't want the movement of the arrow to lag, would you?


