ked by disk into unreclaimable memory.
>
> Lennart
Most (but not all) of the security concerns about swap can be mitigated
by using a dm-crypt volume with an ephemeral key. Once the system
memory is wiped, the key is gone and with it any chance of accessing the
swapped-out data.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
signature.asc
Description: PGP signature
t
> namespace. This equally affects the "read-only /etc" mount done by systemd
> itself as well as the /run/netns mount done by 'ip' or any other mounts
> done anywhere else.
This still ought to be mentioned in the documentation. Not everyone
knows that persistent network namespaces involve bind mounts, and it is
much better for the caveat to be mentioned in the manual pages.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
On Tue, Jul 09, 2024 at 12:13:38PM +0200, Lennart Poettering wrote:
> On Mo, 08.07.24 15:57, Demi Marie Obenour (d...@invisiblethingslab.com) wrote:
>
> > On Mon, Jul 08, 2024 at 01:16:56PM +0200, Lennart Poettering wrote:
> > > On Do, 04.07.24 12:44,
On Mon, Jul 08, 2024 at 01:16:56PM +0200, Lennart Poettering wrote:
> On Do, 04.07.24 12:44, Demi Marie Obenour (d...@invisiblethingslab.com) wrote:
>
> > > No, these belong to your process, systemd couldn't really reach into
> > > your processes to clo
at
> way, if it is carefully written to handle this. For example it is not
> allowed to dlopen() anything (and hence no NSS either! No
> gethostbyname() or getpwnam() or so), because you'd otherwise end up
> with a weird mix and match of shared libs from the initrd and the host.
If
> >
> > IMHO, a rolling release is just that - it is self explanatory. Debian and
> > Ubuntu are definitely not that. In your given scenario, the packages should
> > be rebuilt for the current OS Release with the metadata bumped even if it
> > is the same version o sai
ing in a container that doesn't use systemd.
3. Stop using cgrulesengd, and instead use systemd units to define
cgroups. Then use other approaches (such as wrapper scripts) to
ensure that programs are launched in the correct systemd units.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
st work) and then load the FDE key below it (which will require us
> to fulfill policy 1) and then unseal the FDE key (which will
> require us to fulfill policy 2).
>
> Unless I am missing something this should work and do exactly what I
> want: I can combine policies arbitrarily.
Does this require policies 1 and 2 to be fulfilled _at the same time_?
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
On Thu, May 30, 2024 at 10:43:48PM +0200, Lennart Poettering wrote:
> On Mi, 29.05.24 14:48, Demi Marie Obenour (d...@invisiblethingslab.com) wrote:
>
> > > > > (you can of course include PolicyAuthorizeNV in the policy you sign
> > > > > for PolicyAuthorize,
bound keys that are not accessible
outside the TPM, but my understanding is that the most common cases
(LUKS and fscrypt keys and systemd credentials) must be accessible in
cleartext on the host _anyway_. If the secret to be sealed is provided
externally, then one can use symmetric encryption with a randomly
generated key to have the same effect.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
On Wed, May 29, 2024 at 10:36:28AM +0200, Lennart Poettering wrote:
> On Di, 28.05.24 17:36, Demi Marie Obenour (d...@invisiblethingslab.com) wrote:
>
> > > (you can of course include PolicyAuthorizeNV in the policy you sign
> > > for PolicyAuthorize, but that doesn't wo
tion is subject to local,
> delegated policy choices instead of mandated by the policy of the
> actual object we want to protect)
Does this work in practice? I agree that this is ugly, but "ugly" might
be better than "not working".
> I have so far not found a nice
>
> Hi Thomas,
>
> RequiresMountsFor=3D should be your friend. It just takes a space-
> separated list of paths and does all the other stuff by itself.
>
> Another option would be to switch to x-systemd.automount in fstab for
> the network shares, so they will be mounted on first access, not
> necessarily during early boot when there is no network.
FYI, it looks like your mailer used quoted-printable encoding, but
didn’t set the appropriate headers to indicate that this encoding is in
use.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
e consume unbounded time on
> processing journal messages.
Which regex engine is used? glibc’s engine is not safe for use with
untrusted input, but Rust’s is, so that might be an option in the
future. It isn’t OOM-safe, though.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
hardware-specific images, rather than trying to have
a single image that supports many different hardware models. Automotive
and other embedded systems understandably do not want to pay for
complexity that they do not need, and which is present to support
features (such as supporting arbitrary hardw
On Mon, Dec 11, 2023 at 10:52:31PM +, Muggeridge, Matt wrote:
>
>
> > -Original Message-
> > From: Demi Marie Obenour
> > Sent: Tuesday, December 12, 2023 7:14 AM
> > To: Muggeridge, Matt ; systemd-
> > de...@lists.freedesktop.org
> >
On Mon, Dec 11, 2023 at 08:58:58PM +, Luca Boccassi wrote:
> On Mon, 11 Dec 2023 at 20:43, Demi Marie Obenour
> wrote:
> >
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA512
> >
> > On Mon, Dec 11, 2023 at 08:15:27PM +, Luca Boccassi wrote:
>
Thanks,
> Matt.
> PS: Mailing list topics go unanswered and github issues get lost in the
> noise, so I'm hoping there's a more efficient way to collaborate.
In what specific ways is networkd not compliant?
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
On Mon, Dec 11, 2023 at 08:15:27PM +, Luca Boccassi wrote:
> On Mon, 11 Dec 2023 at 17:30, Demi Marie Obenour
> wrote:
> >
> > On Mon, Dec 11, 2023 at 10:57:58AM +0100, Lennart Poettering wrote:
> > > On Fr, 08.12.
On Mon, Dec 11, 2023 at 05:03:13PM +, Eric Curtin wrote:
> On Mon, 11 Dec 2023 at 16:36, Demi Marie Obenour
> wrote:
> >
> > On Mon, Dec 11, 2023 at 10:57:58AM +0100, Lennart Poettering wrote:
> > > On Fr, 08.12.
> "ESP" in the above with a similar concept, i.e. a well discoverable,
> unauthenticated relatively simple file system, such as vfat).
>
> Anyway, I can't tell you how to solve your specific problems, but if
> there's one thing I'd suggest you to keep in mind then it's the
> security angle, i.e. keep in mind from the beginning how
> authentication of every component of your process shall work, how
> unattended disk encryption shall operate and how measurement shall
> work. Security must be built into things from the beginning, not be
> added as an afterthought.
As a Qubes OS developer and a security researcher, thank you.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
index can be changed? In the latter case, does
this mean that the index can be "leaked" in certain error conditions?
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
oes perf even support these single core SoCs?
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
> that would replicate all the data, for the heavy users to query. (Or the
> other way around, main instance for the heavy updates ⇒ replica for regular
> queries.)
Generally heavy analytical queries should be on a replica. The reason
is that analytical queries are less likely to need the very
e also tried Before=network-pre.target and Wants=network-pre.target
> without success - it was that not working that set me off trying to fix it.
RequiredBy=network-pre.target should be sufficient, but unfortunately
lots of stuff (like systemd-networkd) that should have
Requires=netw
>
> >
> >
> > Well, you can look at the process list anytime as normal user. So, what
> > are you trying to accomplish? What's the goal? Hiding the process from
> > the users?
> >
>
> I was surprised that I could see it. And as I understand it, I am c
On Sun, Jul 30, 2023 at 08:35:24PM +0100, Dave Howorth wrote:
> On Sun, 30 Jul 2023 11:52:34 -0400
> Demi Marie Obenour wrote:
> > On Thu, Jul 27, 2023 at 08:10:41AM +, Zbigniew Jędrzejewski-Szmek
> > wrote:
> > > Hi,
> > >
> > > I'd like t
ps://github.com/systemd/systemd/pull/28433/commits/1ecd1a994733d.
>
> If you're using FSS, please speak up.
>
> Zbyszek
What is the reason for this change?
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
hatever the task is)?
Once per virtual NIC appearance. The catch is that the NIC can
disappear and reappear very quickly, and the script must be run every
time this happens. Furthermore, the script must wait for
network-pre.target.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Thin
, but that can be handled in the script themselves.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
ety requirement (such as the backup camera in a car
turning on fast enough), is Linux the correct choice for this
application, or would a safety-certified RTOS be a better option?
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
31 matches