[Rpm-maint] [rpm-software-management/rpm] RFE: use kernel/keyutils key rings as a backing store for rpm keyrings (#454)

Jeff Johnson notifications at github.com
Tue Jun 26 18:42:42 UTC 2018


One of the problems with having secrets like passwords/privkeys within application memory is the risk of loss through a segfault core dump or /dev/mem /proc snooping.

Complete opaque isolation to prevent loss can be attempted with TPM and/or other attached hardware, or by handing off signing to helpers like gpg which have their own means to protect against secret loss.

There is still the problem of how to convey a password/privkey from RPM to another device: the password will be resident within RPM memory.

One way to minimize the risk of secrets being snooped while resident in RPM memory is to use keyutils and Linux kernel key rings. The keyrings can be used to pass values to/from rpm execution, and the time that the secrets are present in rpm memory can be minimized by accessing/using/erasing the secret within a more limited scope than the entire lifetime of an rpm process, simplifying audits and minimizing risk.

The keyutils interface is quite simple, and the few places where passwords (or pubkeys) are stored in RPM could/should be replaced with an access/use/erase implementation.

I can supply code pointers or even an implementation if interested.


https://github.com/rpm-software-management/rpm/issues/454
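
The access/use/erase pattern proposed in the message above, as an added example that is not part of the original post or of rpm's code: the secret is parked in a kernel keyring, copied into a stack buffer only for the duration of one callback, then wiped and the key invalidated. The helper names (secret_store, secret_with, secret_drop, secret_equals), the key description, the choice of the process keyring and the use of raw syscalls instead of libkeyutils are all assumptions made for the illustration.

```c
/* Added example, not rpm code: helper names and key description are hypothetical. */
#define _GNU_SOURCE
#include <errno.h>
#include <linux/keyctl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
typedef int (*secret_fn)(const unsigned char *s, size_t len, void *ctx);
/* Zero memory through a volatile pointer so the stores are not elided. */
static void wipe(void *p, size_t n) {
    for (volatile unsigned char *v = p; n--; ) *v++ = 0;
}
/* Park the secret in a kernel keyring; returns the key serial or -1. */
static int32_t secret_store(const char *desc, const void *data, size_t len) {
    long ring = KEY_SPEC_PROCESS_KEYRING;   /* assumption: process keyring */
    return (int32_t)syscall(SYS_add_key, "user", desc, data, len, ring);
}
/* Access/use/erase: read into a short-lived buffer, run `use`, always wipe. */
static int secret_with(int32_t key, secret_fn use, void *ctx) {
    unsigned char buf[256];
    long n = syscall(SYS_keyctl, (long)KEYCTL_READ, (long)key, buf, sizeof buf);
    int rc = -1;
    if (n > (long)sizeof buf) errno = EMSGSIZE;   /* payload did not fit */
    else if (n >= 0) rc = use(buf, (size_t)n, ctx);
    wipe(buf, sizeof buf);
    return rc;
}
/* Make the key unusable as soon as it is no longer needed. */
static int secret_drop(int32_t key) {
    return (int)syscall(SYS_keyctl, (long)KEYCTL_INVALIDATE, (long)key);
}
/* Sample consumer: constant-time comparison against an expected value. */
static int secret_equals(const unsigned char *s, size_t len, void *ctx) {
    const char *want = ctx;
    unsigned char diff = 0;
    if (strlen(want) != len) return 0;
    for (size_t i = 0; i < len; i++) diff |= s[i] ^ (unsigned char)want[i];
    return diff == 0;
}
int main(void) {
    char pw[] = "constructed-passphrase";   /* constructed sample value */
    int32_t k = secret_store("example:signing-pass", pw, strlen(pw));
    wipe(pw, sizeof pw);                    /* the caller's copy goes too */
    if (k < 0) { perror("add_key"); return 1; }
    int ok = secret_with(k, secret_equals, "constructed-passphrase");
    printf("match=%d dropped=%d\n", ok, secret_drop(k) == 0);
    return 0;
}
```

Container runtimes that filter the keyring syscalls make secret_store return -1; passing a value between separate processes would need a session or user keyring in place of the process keyring used here.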