George Toft wrote:
> Requirements:
> 2. Files owned by vpopmail:vchkpw can only be read by said user:group - 
> this includes root.  We need to lock root (and every other user) out of 
> the messages.
>   

> #2 sounds like a job for SELinux.  Alternatives are welcome :)
>   

You mean keep out junior sysadmins who have root access, or really keep 
root out? I don't know of any way to really keep root out. Root has 
access to everything. Period. Crypto can't solve it, unless the system 
only has access to the cyphertext (if you encrypt/decrypt locally then 
root can read the plaintext from memory, and/or get the key and read 
everything). Different schemes have been proposed and implemented so 
that root can't do this or that but none that I know of really work 
against a sophisticated attacker, because in *nix "root == the system."

If you (wisely) take it as a given that root can compromise your box, 
then your problem becomes locking down root access. There are pretty 
effective, well known ways to do that.


-- 
Darrin Chandler            |  Phoenix BSD Users Group
dwchandler@stilyagin.com   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss