George Toft wrote:
> Requirements:
> 1. Deleted files (say, qmail messages after pickup) are shredded upon
> deletion. Immediately upon delete. Since an application is performing
> the delete, I must assume "rm" is not being issued, so I can't
> substitute "shred" in its place.
>
> 2. Files owned by vpopmail:vchkpw can only be read by said user:group -
> this includes root. We need to lock root (and every other user) out of
> the messages.
>
> 3. Encrypted file system to defend against physical theft.
>
>
> #3 is easy.
>
> #2 sounds like a job for SELinux. Alternatives are welcome :)
>
> What about #1? Any ideas?
>
You may be able to use the LD_PRELOAD technique I presented (to PLUG) in
2002:
http://uberhip.com/godber/interception/index.html
I modified the time function called by xsclock to make the clock tick
backwards. No recompiling of the original code. Just creating a small
wrapper function around the one that the original code is calling and
encouraging it to use the new function.
Austin
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)