Steve Grubb wrote:
The utilities that would allow you to modify it cannot be accessed
unless you are root.
Sounds like "when the algorithm is hidden, the crypto mechanism is
secure"...
I wouldn't characterize it like that. It means that you have established
proceedures that ensure the Security Objectives are met.
What does that mean? Why is it necessary to prevent anyone but root
from running the utility when in fact your security objectives can only
be met when the files the utility accesses can only be modified by root?
Which program is used to modify the file is pretty much irrelevant.
It is hard to take these concepts seriously when they add unnecessary cruft.
--
Les Mikesell
lesmikesell@xxxxxxxxx
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
