Re: Mutt & tmp files

To: debian-security@lists.debian.org
Subject: Re: Mutt & tmp files
From: Petro <petro@auctionwatch.com>
Date: Thu, 15 Nov 2001 23:44:56 -0800
Message-id: <[🔎] 20011115234456.B514@auctionwatch.com>
In-reply-to: <[🔎] 20011115230941.A24329@crdic.ath.cx>
References: <crdic@yahoo.com> <[🔎] 20011115105235.C22221@crdic.ath.cx> <[🔎] E164cJo-0006od-00@coffee.dyndns.org> <[🔎] 20011115230941.A24329@crdic.ath.cx>

On Thu, Nov 15, 2001 at 11:09:41PM -0800, Craig Dickson wrote:
> Wade Richards wrote:
> > >I still say the bottom line is, if you don't trust root, don't use his
> > >machine.
> > This is the sort of absolutist nonsense that gives security experts a
> > bad name.  After all, anyone armed with a chainsaw can cut through a
> > solid oak door in a matter of hours, so why bother installing a deadbolt
> > on your door?
> To keep out all the people who don't have chainsaws, obviously. But on
> *nix machines, root has a chainsaw, and plenty of other tools also. He
> can also get a key to your deadbolt if he really wants it.

    What you're trying to do is "threat modeling", and quite frankly I'm
    in complete agreement with the statement that "if those with the
    root password are in your threat model, it's time to find another
    machine". 

    That said, the first thing to do is set the environmental variable
    "TMPDIR" to something under your home directory, and something only
    readble by you (well, and root). This gets it out of generic land. 

-- 
Share and Enjoy.

Reply to:

References:
- Re: Mutt & tmp files
  - From: Craig Dickson <crdic@yahoo.com>
- Re: Mutt & tmp files
  - From: Wade Richards <wrichard@direct.ca>
- Re: Mutt & tmp files
  - From: Craig Dickson <crdic@yahoo.com>

Prev by Date: Re: Mutt & tmp files
Next by Date: Re: Mutt & tmp files -- Root is not my Enemy
Previous by thread: Re: Mutt & tmp files
Next by thread: Re: Mutt & tmp files
Index(es):
- Date
- Thread