Mike A. Harris wrote:
> I agree 100%. However - in this *particular* case, it is only to
> keep a dumb snoop out of private information. Not to keep a
> skilled hacker out. Script kiddie hacking, and password snooping
> is not going to happen here - it isn't that big of a deal. Only
> a simple solution is needed for this particular case.
Consider it another measure in line with the C2 rating of Linux:
Linux is at C2 of the orange book ratings. This means that accidental
access to protected information is blocked.
What Mike is proposing is that a root-user can type "cat
/encrypted_fs/secretfile". Under standard Linux he'd accidentally see
the file without a complaint. This is actually contrary to the C2
rating.
Whatever mike has in mind, he'll move Linux one step further towards
the B rating, as prohibiting root-access to these files is a neccesary
step for aquiring a B rating....
Roger.
-- ** R.E.Wolff@BitWizard.nl ** http://www.BitWizard.nl/ ** +31-15-2137555 ** *-- BitWizard writes Linux device drivers for any device you may have! --* * Common sense is the collection of * ****** prejudices acquired by age eighteen. -- Albert Einstein ********- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Feb 23 2000 - 21:00:24 EST