
Re: Mutt & tmp files -- Root is not my Enemy



On Fri, 16 Nov 2001, Howland, Curtis wrote:

> As has been said many times, many ways, once "root" is compromised, all
> bets are off. Also, the only computer that isn't vulnerable is the one
> that isn't connected to a network, and can't be physically touched.
> 
> Did anyone else see that awful Wesley Snipes movie, where he plays a
> black-bag (pun in original) operative for the U.N.? He hacks into a
> laptop that someone left on in their office, using the infrared port
> from outside the office window. When I first heard about Tempest
> shielding, I knew nothing was "impossible". Security is just a matter of
> making it so inconvenient that the cracker has to give up.
> 
> Curt-

Yeah - nothing is impossible. But it sometimes can really make a
difference if it's hard or easy. I think the best you can do is make it
as hard as possible.

> > > Hmm, have you considered ramdisks?
> > 
> > That's the idea I was looking for. Heard also today of the
> > possibility to encrypt whole filesystems. At the moment I'm
> > thinking about that. A combination would be nice. If I'm right this
> > would make it hard even for root to do something. Not impossible but
> > hard. That's really not bad at all.
> 
> It depends what kind of skills you expect root to have. Remember that
> root is in a position to modify the kernel if he wants to. I can easily
> imagine a kernel patch that watches the ramdisk (or any fs) for certain
> types of files (by name, ownership, or whatever), and makes extra copies
> of them under /root without the user's knowledge. It probably wouldn't
> even be a hard change to make. And of course, for the ramdisk to exist
> in the first place, you need root's cooperation, so he probably knows
> why you want it and what you're using it for.
> 
> Even without a kernel patch, he can always just modify mutt, vim, or gpg
> to do what he needs. Or just replace vim with a shell script that calls
> the real vim and then copies the file for him afterwards (the easiest
> method, though also the most obvious).
> 
> You can make it so that root has to do more than look in /tmp for
> cleartext files, but I doubt you can make it hard if root is a competent
> programmer.
> 
> Craig

To say it clearly: root is not my enemy. In fact, on this machine it
should be me who is root.

A fact about which I'm concerned
even more than about a hack from outside via the internet etc. is
real physical access to the box. Something hackers normally don't pay
enough attention to is that somebody just steps - let's say at 6 o'clock
in the morning - into your room, shows you his police card - or whatever
governmental ID card - and tells you that your computer is now his.

You have to experience that for yourself to believe how easily this
could happen. Just be in the wrong place at the wrong time.
It happened to me once, just because I lived at that time in a
flat-sharing community. I didn't see my computers for about a year,
and then all hard disks had been removed and were broken.

I don't really believe strongly in our constitutional state, but imagine
this happening in even more oppressive countries (China/Egypt/etc.).
Then it doesn't matter if you trust root or not. Then it's a matter
of life and death and you're really happy to know that none of your
programs has left any kind of confidential information behind on your
hard drive.

I do believe strongly in 'Democracy through Privacy'.
Isn't that - before any other Linux distribution - something Debian
should stand for?


-- 
»« »« »« »« »« »« »« »« »« »« »« »« »« »« »«
AXON-E Interaktive Medien
Arnulfsplatz 6
93047 Regensburg
.
Tel. 0941 - 599 854 4
Fax. 0941 - 599 854 1
Mail f.bantner@axon-e.de
Key  http://www.axon-e.de/gpg/f.bantner.key
»« »« »« »« »« »« »« »« »« »« »« »« »« »« »«


