Re: Root is God? (was: Mutt & tmp files)
This thread is getting old. If you don't want root to read your email,
use an editor that can be set to not store temp files, use ASCII armor,
and encrypt everything before you send it. Root could still access
memory while you are composing the messages, so maybe you
should compose them on another system (like your own, for instance).
Of course, you could use that same system on which you have root
to send the files. The easiest solution, then, is, if you want privacy,
don't do things in plaintext on a box someone else admins. Cake.
Find yourself a computer for $300 and save money from your
paper-route to buy it or something.
The other solution is a little harder. Linux wasn't ever meant to be a
capability based system in which the users have rights to privacy.
The users simply have to trust root to respect their privacy (and, as
this discussion has pointed out so pedantically, there are things the
users can try to do to maximize their privacy, if they so choose). The
real solution is to write a capability-based OS (or throw in your lot with
Eros) and set it up with users' privacy from root in mind. People will
say "Well, that's what LIDS does for Linux.", but since Linux wasn't
architected with this in mind, I suspect there will always be holes that
root can find to get past this.