Unix security additions

Paul Nash paul at frcs.UUCP
Fri Apr 19 22:52:06 AEST 1991


Thus spake barmar at think.com (Barry Margolin):
> In article <6783 at awdprime.UUCP> Tony Sanders <sanders at cactus.org> writes:
> >What if the backup/restore utilities on the "secure" system used an
> >encryption scheme before writting to tape (like dump|crypt|dd of=/dev/mt,
>
> If the people you're trying to protect against are the operators, this
> isn't much of a solution, since they have to know the password in order to
> do the backups and restores.

Not if you exec the pipeline from inside a suitable setuid program, which
can also contain the key for crypt.  As the program should be unreadable
by everyone (only executable & setuid), this shouldn't be a security breach
of too vast a magnitude.  Restores need someone (trusted) who knows the 
root password and the key (or the root password and knows how to use `strings'.

 ---=---=---=---=---=---=---=---=---=---=---=---=---=---=---=---=---=---
Paul Nash				   Free Range Computer Systems cc
paul at frcs.UUCP				      ...!uunet!m2xenix!frcs!paul



More information about the Comp.unix.internals mailing list