OPIE considered insecure

Lyndon Nerenberg lyndon at orthanc.ca
Mon Feb 9 15:32:27 PST 2009


> My use case is primarily to log in from highly untrusted and
> malware infested systems.  OPIE has been a usable solution to
> that problem.  I'm primarily worried about keyloggers and USB
> memory stick content dumpers.  OPIE fits that bill quite well.

It does, but *only* if you are running your own trusted ssh binary. 
Preferably one that is statically linked, but even then you're subject to 
the kernel-based keystroke logging.

From what you're describing, I would be more inclined to carry a bootable
OS on that USB stick and reboot into that. I have systems running OpenBSD 
that boot and run from 2GB USB sticks. There's no reason you couldn't do 
the same with FreeBSD.

--lyndon

   The longest UNIX error code is ENAMETOOLONG.

