RE: Mutt & tmp files

To: <debian-security@lists.debian.org>
Subject: RE: Mutt & tmp files
From: "Howland, Curtis" <howlandc@kvh.co.jp>
Date: Fri, 16 Nov 2001 08:54:04 +0900
Message-id: <[🔎] FBBD2DD3FF1ECA42817E762126D2FB0E05CA30@jpkvhms2.tel.kvh.co.jp>

As has been said many times, many ways, once "root" is compromised, all
bets are off. Also, the only computer that isn't vulnerable is the one
that isn't connected to a network, and can't be physically touched.

Did anyone else see that awful Wesley Snipes movie, where he plays a
black-bag (pun in original) operative for the U.N.? He hacks into a
laptop that someone left on in their office, using the infrared port
from outside the office window. When I first heard about Tempest
shielding, I knew nothing was "impossible". Security is just a matter of
making it so inconvenient that the cracker has to give up.

Curt-

-----Original Message-----
From: Craig Dickson [mailto:crdic@yahoo.com]
Sent: Friday, November 16, 2001 08:36
To: debian-security@lists.debian.org
Subject: Re: Mutt & tmp files

Florian Bantner wrote:

> > Hmm, have you considered ramdisks?
> 
> That's the idea I was looking for. Heard also today of the
> possibility to encrypt whole filessystems. In the moment I'm
> thinking about that. A combination was nice. When I'm right this
> would make it even for root hard to do something. Not impossible but
> hard. That's really not bad at all.

It depends what kind of skills you expect root to have. Remember that
root is in a position to modify the kernel if he wants to. I can easily
imagine a kernel patch that watches the ramdisk (or any fs) for certain
types of files (by name, ownership, or whatever), and makes extra copies
of them under /root without the user's knowledge. It probably wouldn't
even be a hard change to make. And of course, for the ramdisk to exist
in the first place, you need root's cooperation, so he probably knows
why you want it and what you're using it for.

Even without a kernel patch, he can always just modify mutt, vim, or gpg
to do what he needs. Or just replace vim with a shell script that calls
the real vim and then copies the file for him afterwards (the easiest
method, though also the most obvious).

You can make it so that root has to do more than look in /tmp for
cleartext files, but I doubt you can make it hard if root is a competent
programmer.

Craig

-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: Mutt & tmp files -- Root is not my Enemy
  - From: Florian Bantner <f.bantner@axon-e.de>

Prev by Date: Re: Mutt & tmp files
Next by Date: Re: Mutt & tmp files
Previous by thread: Re: Mutt & tmp files
Next by thread: Re: Mutt & tmp files -- Root is not my Enemy
Index(es):
- Date
- Thread