On 12/09/13 22:03, NdK wrote:
> Nope. W/ Vinculum module you send it commands like "open mickey.txt" and
> then "read 1024". The filesystem driver is in the module and your interface
> only receives expected data.

I hadn't looked at the Vinculum module[1]; that would indeed be a way to remove the filesystem from the equation, although you will end up writing something similar to a filesystem driver for the PC which might itself be exploitable. You can reduce the complexity of the software, but you can't eliminate some form of driver.

And I certainly wouldn't trust the module to give me only expected data :). You've only moved the complexity of the USB stack to the module; it needs to be regarded as exploitable.

> You really should define your "security perimeter".

You mean threat model? I completely agree. All my contributions are just musings about things I notice while reading other people's contributions. I'm not contemplating actually doing any of this. If you seriously consider doing this, you need to formulate a good threat model.

I use a USB stick to transfer stuff.

HTH,

Peter.

[1] I was just thinking in general terms of bridging USB mass storage to a serial port through some driver.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>