
Re: Mutt & tmp files



martin f krafft wrote:

> * Craig Dickson <crdic@yahoo.com> [2001.11.15 10:28:33-0800]:
> > Also note that root owns sendmail, or whatever MTA you're using. If he
> > really wants to read your mail, it would be much easier for him to do it
> > by configuring the MTA to silently copy him on all your messages, so all
> > this concern about temporary files and de-allocated disk sectors seems a
> > bit silly to me.
> 
> except he's GPG encrypting, which then even root can't read...

Okay, I haven't used gpg for encryption. Are we talking about the sort
of double-layer "Only I could have written it, and only you can read it"
style of public key encryption, where the cleartext is encrypted once
with the sender's private key, and once with the recipient's public key?
I suppose that's pretty safe. Of course, root can still fake a digital
signature for any of his users, and read any encrypted mail sent to his
users, since he has access to his users' private keys on disk, and their
stored copies of their correspondents' public keys. Even if those keys
are encrypted and require the user to enter a passphrase every time
they're used, root can get the passphrase with a tty sniffer. Short of
biometric authentication, how can you stop root if he knows what he's
doing? And I imagine even biometrics can be compromised if you can
modify the software involved.

I still say the bottom line is, if you don't trust root, don't use his
machine.

Craig


