George Toft wrote:
> Requirements:
> 2. Files owned by vpopmail:vchkpw can only be read by said user:group -
> this includes root. We need to lock root (and every other user) out of
> the messages.
>
> #2 sounds like a job for SELinux. Alternatives are welcome :)
>
You mean keep out junior sysadmins who have root access, or really keep
root out? I don't know of any way to really keep root out. Root has
access to everything. Period. Crypto can't solve it, unless the system
only has access to the cyphertext (if you encrypt/decrypt locally then
root can read the plaintext from memory, and/or get the key and read
everything). Different schemes have been proposed and implemented so
that root can't do this or that but none that I know of really work
against a sophisticated attacker, because in *nix "root == the system."
If you (wisely) take it as a given that root can compromise your box,
then your problem becomes locking down root access. There are pretty
effective, well known ways to do that.
--
Darrin Chandler | Phoenix BSD Users Group
dwchandler@stilyagin.com | http://bsd.phoenix.az.us/
http://www.stilyagin.com/ |
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)