[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Protecting root security

~> From: Ben Collins <bcollins@debian.org>
~> 
~> Leaving it up to the install disk to secure the root partition is
~> impractical. That's like trusting the user with a [Yn] response on "Was
~> the password you entered correct?". The only way to secure a filesystem
~> from this type of access is to use some sort of secure fs (cfs and
~> secure loop devices with encryption come to mind),

Not good enough, with cfs all you can do is keeping some partitions
encrypted, but the rest still remains accesible;  even if you keep all
your sensible (and not so sensible) data in a cfs partition, having that
kind of easy access to your system means they can easily place a trojan
and having your cfs password for the next time.

~> also check into sfs (sorry, no URL's for these).

It's on Peter Gutmann's page (http://www.cs.auckland.ac.nz/~pgut001/),
but as far as I know it's for windoze.

~> From: wcurry@cts.com
~> 
~> I suppose it you used cfs (as another poster suggested), you could keep
~> someone from reading your disk.  But you couldn't keep them from
~> wiping it clean with fdisk and being generally destructive.

Fine!  destroying data, or completely winping it out is easily solved by
keeping a backup copy, but the issue here is about having access to
data, and being able to read it.

Speaking of which (linux and security)... does anyone know anything
about the development of a new distro (supposedly security-oriented)...
named KHAOS?

Regards
-- 
Horacio
homega@vlc.servicom.es
Valencia - ESPAÑA
Reply to: