Re: Mutt & tmp files

To: debian-security@lists.debian.org
Subject: Re: Mutt & tmp files
From: Bryan Andersen <bryan@visi.com>
Date: Thu, 15 Nov 2001 12:51:01 -0600
Message-id: <[🔎] 3BF40E95.E0DCB0BF@visi.com>
Reply-to: bryan@visi.com
References: <[🔎] 20011115191101.B21932@axon-e.de> <[🔎] 20011115102833.A22221@crdic.ath.cx> <[🔎] 20011115193255.A27196@fishbowl.madduck.net>

martin f krafft wrote:
> 
> * Craig Dickson <crdic@yahoo.com> [2001.11.15 10:28:33-0800]:
> > Also note that root owns sendmail, or whatever MTA you're using. If he
> > really wants to read your mail, it would be much easier for him to do it
> > by configuring the MTA to silently copy him on all your messages, so all
> > this concern about temporary files and de-allocated disk sectors seems a
> > bit silly to me.
> 
> except he's GPG encrypting, which then even root can't read...
> 
> > Your mail can also be spied on by packet sniffers or a compromise of the
> > mail servers of your correspondents.
> 
> ditto...

Bzzzz... Wrong.  

If you don't trust root, your hosed.  Root can change the app so he 
has your keys...  Root can also change the tty drivers so they are 
all silently logged.  There is no way to secure it fully unless you 
type it in encrypted form.  At some point you have to decide you've 
done enough and run with it.

-- 
|  Bryan Andersen   |   bryan@visi.com   |   http://www.nerdvest.com   |
| Buzzwords are like annoying little flies that deserve to be swatted. |
|   -Bryan Andersen                                                    |

Reply to:

Follow-Ups:
- Re: Mutt & tmp files
  - From: martin f krafft <madduck@madduck.net>

References:
- Mutt & tmp files
  - From: Florian Bantner <f.bantner@axon-e.de>
- Re: Mutt & tmp files
  - From: Craig Dickson <crdic@yahoo.com>
- Re: Mutt & tmp files
  - From: martin f krafft <madduck@madduck.net>

Prev by Date: Re: Mutt & tmp files
Next by Date: Re: Mutt & tmp files
Previous by thread: Re: Mutt & tmp files
Next by thread: Re: Mutt & tmp files
Index(es):
- Date
- Thread