On Thu, Sep 04, 2003 at 11:43:12AM +0200, Martin Konold wrote:
> On Thursday 04 September 2003 11:08 am, Daniel Stone wrote:
> > > Everyone having root access to your machine is easily capable of stealing
> > > your passwords/identity without you even noticing.
>
> > Aside from the fact that I only keep my GnuPG key on a few trusted
> > machines, and could use SELinux and ACLs if I wanted to
>
> FYR: Neither SELinux nor ACLs prevent abuse from a malicious root user.

In what way? If I deny the root user access to the files in question, as well
as direct raw access, there's nothing they can do without physical access.

> > the same. My GnuPG key is password-protected with a strong password,
>
> Does also not help if you don't trust the root user.

Not on any of the machines I have it on now, no - they don't run SELinux or ACLs
(which don't solve the problem of raw access). But that's because I trust the
root users - myself, work admins, and a DD who I'm good friends with (and have
banking details of), respectively.

> > The issue at hand was slightly more generic, I was just making an example.
> > Encryption can defeat root.
>
> Sorry, this is incorrect.

In what way? If I encrypted something with a 10240-byte public key, even if you
*can* access it, you have no hope in hell (short of the electrodes) of
decrypting it this millennium.

(BTW, if you don't believe me, log in to Russell Coker's SELinux playbox as root
and see how far you get; there's a reason the NSA gave them money).

-- 
Daniel Stone
http://www.debian.org - http://www.kde.org - http://www.freedesktop.org
"Configurability is always the best choice when it's pretty simple to implement"
  -- Havoc Pennington, gnome-list