On Sat, 19 Feb 2000, Rafal Maszkowski wrote:
>> The data is not readable. Root may be able to hunt around in
>> kmem, or whatever, but the likelyhood of it is slim for the idea
>> that I'm interested in. 100% security isn't necessary, more of a
>> "obscure" the dumb root user from looking at user's private
>> files. Not obscure the smart root user who can read kmem, and
>> wants to spend the time to do so... ;o)
>
>Security thru obscurity never works in long run. A dumb
>administrator may be not able to break your encryption scheme
>but think about him as about a script kiddie - a somewhat
>smarter guy could write a tool for catching passwords when your
>software becames more known.
I agree 100%. However - in this *particular* case, it is only to
keep a dumb snoop out of private information. Not to keep a
skilled hacker out. Script kiddie hacking, and password snooping
is not going to happen here - it isn't that big of a deal. Only
a simple solution is needed for this particular case.
>On the other hand using PGP on a large server with 5 people
>having root access is a quite similar aproach. I can trust them
>to some extent and hope they have many more interesting things
>to do.
Well, I'm sure from suggestions from others that an acceptable
solution is possible for my limited case, but definitely not a
"Pentagon" style solution. This is a simple solution in need of
a "windows 95 passwords" style solution. Something simple, that
keeps undetermined people out.
-- Mike A. Harris Linux advocate Computer Consultant GNU advocate Capslock Consulting Open Source advocateJoin the FreeMWare project - the goal to produce a FREE program in which you can run Windows 95/98/NT, and other operating systems.
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Feb 23 2000 - 21:00:23 EST