First, thanks to Jari for explanations!
How big a vulnerability is that password written in the init file?
The root file system, where those init scripts reside, must be encrypted.
I have no doubts about that, but I am considering the case where that
information (key or password) somehow leaks out to another file that is
accessible to all.
And if someone persuades me to execute some sophisticated attack code (or
builds it into programs that I install), the keys can be stolen pretty
easily!
I was new to Linux some six months ago and now I have neither the time nor
the necessity to build such a monstrous protection system, but I'm planning
to start with Gentoo RSBAC some day.
I am sure that the vanilla kernel must be modified, because it supposes
that all installed stuff does exactly what it is supposed to. But how
the hell can I check all those sources?! And I still want my workstation
to be user-friendly and to have all the necessary software...
Any comments about RSBAC?
To Markus:
> have you (successfully) tinkered with Alon's approach to things?
- No. Suspend is not a critical requirement for me, and since I didn't
understand the information Alon provided well enough, suspend for me is
suspended.
> just be as verbose as you possibly can.
- Ok!
--
Jan
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/