OPIE considered insecure
Lyndon Nerenberg
lyndon at orthanc.ca
Mon Feb 9 15:32:27 PST 2009
> My use case is primarily to log in from highly untrusted and
> malware infested systems. OPIE has been a usable solution to
> that problem. I'm primarily worried about keyloggers and USB
> memory stick content dumpers. OPIE fits that bill quite well.
It does, but *only* if you are running your own trusted ssh binary.
Preferably one that is statically linked, but even then you're subject to
the kernel-based keystroke logging.
From what you're describing, I would be more inclined to carry a bootable
OS on that USB stick and reboot into that. I have systems running OpenBSD
that boot and run from 2GB USB sticks. There's no reason you couldn't do
the same with FreeBSD.
--lyndon
The longest UNIX error code is ENAMETOOLONG.