Unix security additions
Paul Nash
paul at frcs.UUCP
Fri Apr 19 22:52:06 AEST 1991
Thus spake barmar at think.com (Barry Margolin):
> In article <6783 at awdprime.UUCP> Tony Sanders <sanders at cactus.org> writes:
> >What if the backup/restore utilities on the "secure" system used an
> >encryption scheme before writting to tape (like dump|crypt|dd of=/dev/mt,
>
> If the people you're trying to protect against are the operators, this
> isn't much of a solution, since they have to know the password in order to
> do the backups and restores.
Not if you exec the pipeline from inside a suitable setuid program, which
can also contain the key for crypt. As the program should be unreadable
by everyone (only executable & setuid), this shouldn't be a security breach
of too vast a magnitude. Restores need someone (trusted) who knows the
root password and the key (or the root password and knows how to use `strings'.
---=---=---=---=---=---=---=---=---=---=---=---=---=---=---=---=---=---
Paul Nash Free Range Computer Systems cc
paul at frcs.UUCP ...!uunet!m2xenix!frcs!paul
More information about the Comp.unix.internals
mailing list