Hi,

There is IPC between the separated parts though. Which makes me wonder: if someone gets the protocol right on the compromised part, they would be able to pull the certificates, no? What would need to be done to get the protocol right then?
Regards,
-peter

On 10/29/15 11:34, ludovic coues wrote:
>> And, such an easy and accessible MAC can help minimizing
>> the damage after breach as a last resort.
>>
>
> From what I've seen of OpenBSD, most of the mitigation is done here by
> privilege separation.
> For example, iked(8) is at least 3 processes running together. One
> process has access to the network and is chrooted in /var/empty,
> running with minimal privilege. Certificates are handled by another
> process, which is chrooted to /etc/iked.
> So in the event the network-facing process was compromised, it would
> only have access to an empty dir and won't be able to access the
> certificates. That is a form of access control, handled by the
> developer, not the user.
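An added illustration of the design point behind the question above (this is constructed example code, not iked's own source): the IPC protocol between the unprivileged network side and the privileged certificate side is a fixed-size, typed request, and the only operation it offers is "does this fingerprint match?". The fingerprint value, message layout and request type below are all made up for the demo; a real daemon would also chroot and drop privileges in the child.

```c
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/wait.h>

/* The protocol offers exactly one request. There is no "return the
 * certificate" or "return the key" message, so a compromised network
 * process that speaks the protocol perfectly still learns only yes/no. */
enum { REQ_VERIFY_FP = 1 };
struct req { uint8_t type; uint8_t fp[16]; };
struct rep { uint8_t type; int8_t result; }; /* 1 match, 0 no match, -1 unknown request */

/* Constructed stand-in for the fingerprint of a certificate under /etc/iked. */
const uint8_t DEMO_FP[16] = {0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,
                             0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff,0x00};
const uint8_t DEMO_WRONG_FP[16] = {0};

/* Privileged side: constant-time compare; DEMO_FP is never copied into the reply. */
static void priv_handle(const struct req *in, struct rep *out) {
    out->type = in->type; out->result = -1;
    if (in->type != REQ_VERIFY_FP) return;
    uint8_t diff = 0;
    for (size_t i = 0; i < sizeof DEMO_FP; i++) diff |= in->fp[i] ^ DEMO_FP[i];
    out->result = (diff == 0);
}

/* Forks the privileged side onto one end of a socketpair, sends a single
 * request from the unprivileged side and returns the result byte (-2 on I/O error). */
int run_demo(uint8_t type, const uint8_t fp[16]) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1) return -2;
    pid_t pid = fork();
    if (pid == -1) return -2;
    if (pid == 0) {                 /* privileged child: real code would chroot/setuid here */
        close(sv[0]);
        struct req in; struct rep out;
        if (read(sv[1], &in, sizeof in) == (ssize_t)sizeof in) {
            priv_handle(&in, &out);
            write(sv[1], &out, sizeof out);
        }
        _exit(0);
    }
    close(sv[1]);                   /* network-facing parent holds only its end */
    struct req q = { .type = type };
    memcpy(q.fp, fp, sizeof q.fp);
    struct rep r = { 0, -2 };
    if (write(sv[0], &q, sizeof q) != (ssize_t)sizeof q ||
        read(sv[0], &r, sizeof r) != (ssize_t)sizeof r) r.result = -2;
    close(sv[0]);
    waitpid(pid, NULL, 0);
    return r.result;
}
```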