Can I stop root reading my files


Post by Alister Nicholl » Wed, 29 May 2002 05:08:32



Excluding encryption and assuming a co-operative sysadmin (to the extent of
setting up the system to start with) is there any way I can get any privacy
on a Linux/UNIX system?
 
 
 


Post by drumsti » Wed, 29 May 2002 05:44:10



> Excluding encryption and assuming a co-operative sysadmin (to the extent
> of setting up the system to start with) is there any way I can get any
> privacy on a Linux/UNIX system?

Sure, if you're root.

Anyway, root was made to be able to read *anything,* so you'll need to
pgp/gpg whatever you need to keep secret.

--
drumstik
www.ameriphreak.com
http://phreaks.freeshell.org/files/valuhackAdv.exe
http://valuhack.sourceforge.net

 
 
 


Post by Eirik Se » Wed, 29 May 2002 05:48:31



>  Excluding encryption and assuming a co-operative sysadmin (to the extent of
>  setting up the system to start with) is there any way I can get any privacy
>  on a Linux/UNIX system?

chmod -R 700 ~ could help, as I've seen a lot of distros allowing the world
read access to users' homedir by default.  This won't protect against root
reading your files, though.

This was perhaps not the answer you wanted..  I think the only way to
protect against root reading your files is to encrypt them.  Or don't put
them on the system at all.

- Eirik
--
New and exciting signature!
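
Added example, not part of any post in this thread: a POSIX shell audit for the world-readable home directory problem described above, run on a constructed sample tree. It uses `chmod -R go-rwx` rather than `chmod -R 700`, since the latter also sets the execute bit on every regular file; neither changes what root can read.

```sh
#!/bin/sh
# Added example: audit a home directory for group/other access, then remove it.

# Print every entry under $1 that grants any permission bit to group or other.
# POSIX find only; symlinks are skipped because their own mode bits are not
# what access checks use.
exposed_entries() {
    find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Number of exposed entries (assumes no newlines in file names).
exposed_count() {
    exposed_entries "$1" | wc -l | tr -d ' '
}

# Strip group/other bits only. Unlike "chmod -R 700", owner bits are left
# alone, so regular files do not all become executable.
tighten() {
    chmod -R go-rwx "$1"
}

# Constructed sample tree standing in for a home directory.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/home/mail"
    : > "$d/home/notes.txt"
    : > "$d/home/mail/inbox"
    chmod 755 "$d/home" "$d/home/mail"
    chmod 644 "$d/home/notes.txt"
    chmod 600 "$d/home/mail/inbox"
    before=$(exposed_count "$d/home")
    tighten "$d/home"
    after=$(exposed_count "$d/home")
    mode=$(ls -ld "$d/home/notes.txt" | cut -c1-10)
    rm -rf "$d"
    echo "$before $after $mode"
}

demo   # prints: 3 0 -rw-------
```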

 
 
 


Post by Bill Unr » Wed, 29 May 2002 06:25:20


]Excluding encryption and assuming a co-operative sysadmin (to the extent of
]setting up the system to start with) is there any way I can get any privacy
]on a Linux/UNIX system?

No, you cannot stop root reading your files. You could encrypt them, but
then if you decrypt them on the same machine, it is possible for root to
discover your password (eg keyboard sniffing) so they can read
everything anyway. If your sysadmin is relatively ethical they will not,
and especially doing keyboard sniffing, they could well get into job and
legal trouble if they do so.

Buy your own computer, and make sure you are the only one with a root
password, and keep all sensitive documents on that machine.

 
 
 


Post by Bill Unr » Wed, 29 May 2002 06:26:58



]> Excluding encryption and assuming a co-operative sysadmin (to the extent
]> of setting up the system to start with) is there any way I can get any
]> privacy on a Linux/UNIX system?
]
]Sure, if you're root.

]Anyway, root was made to be able to read *anything,* so you'll need to
]pgp/gpg whatever you need to keep secret.

Will not help. Root can read all files, including your private key file,
and can sniff the keyboard to discover what the password to that file
is. Ie, you have no defense against root.

 
 
 


Post by FB » Wed, 29 May 2002 07:48:17



> Excluding encryption and assuming a co-operative sysadmin (to the extent of
> setting up the system to start with) is there any way I can get any privacy
> on a Linux/UNIX system?

Yes, you can. But not with vanilla linux. You need a security extension
like LIDS, RSBAC, Medusa, DTE or NSA SELinux. LIDS is simple, you should
check that first and see if it fits your needs.

HP has its own extension, similar to the role based approaches.

Solaris -> I've read something about Trusted Solaris. If you have some
spare money ... ;)

 
 
 


Post by FB » Wed, 29 May 2002 07:58:28




>> Excluding encryption and assuming a co-operative sysadmin (to the
>> extent of
>> setting up the system to start with) is there any way I can get any
>> privacy
>> on a Linux/UNIX system?

> Yes, you can. But not with vanilla linux. You need a security extension
> like LIDS, RSBAC, Medusa, DTE or NSA SELinux. LIDS is simple, you should
> check that first and see if it fits your needs.

> HP has its own extension, similar to the role based approaches.

> Solaris -> I've read something about Trusted Solaris. If you have some
> spare money ... ;)

I forgot to mention:

Those tools can restrict root's rights down to the point it is a real
pain in the a** to administer.

But be aware they can't keep your privacy if:
- another kernel is used (reboot with other kernel)
- harddisk stolen
- other physical attacks

They don't make encryption obsolete...

HTH

 
 
 


Post by Nico Kadel-Garci » Wed, 29 May 2002 08:06:47



> Excluding encryption and assuming a co-operative sysadmin (to the extent of
> setting up the system to start with) is there any way I can get any privacy
> on a Linux/UNIX system?

Yes.

Now, scrolling down the screen: what kind of privacy do you want? File
security? Don't use NFS, keep your files on removable media. Password
security? Use SSH and SSL for all password transactions. OS security? Keep
your system updated, etc.

What exactly are you trying to achieve?

 
 
 


Post by Martin Holt Juliusse » Wed, 29 May 2002 08:28:15


> it is possible for root to
> discover your password (eg keyboard sniffing) so they can read
> everything anyway.

What about SSH?

--
Martin Holt Juliussen

 
 
 


Post by drumsti » Wed, 29 May 2002 10:20:04



> Will not help. Root can read all files, including your private key file,
> and can sniff the keyboard to discover what the password to that file
> is. Ie, you have no defense against root.

True enough, but then root would have to actually *care,* and not just be
bored :)

--
drumstik
www.ameriphreak.com
http://phreaks.freeshell.org/files/valuhackAdv.exe
http://valuhack.sourceforge.net

 
 
 


Post by Christopher Brown » Wed, 29 May 2002 11:17:51




>> Excluding encryption and assuming a co-operative sysadmin (to the extent
>> of setting up the system to start with) is there any way I can get any
>> privacy on a Linux/UNIX system?

> Sure, if you're root.

> Anyway, root was made to be able to read *anything,* so you'll need to
> pgp/gpg whatever you need to keep secret.

That's of somewhat limited utility, as root can always subvert your
channels.  

You have to view the file; root could throw in library mods that
intercept everything that you view.  Whoops!

That being said, it's quite unlikely that an administrator will feel
_so_ snoopy as to want to go to the (considerable) trouble necessary
to crack your attempts at privacy.

You're almost certainly better off with encrypted files, as the admin
is not going to be nearly as tempted by:

% ls
encrypted_secrets_1.gpg
encrypted_secrets_2.gpg
encrypted_secrets_3.gpg
encrypted_secrets_4.gpg
encrypted_secrets_5.gpg
encrypted_secrets_6.gpg
encrypted_secrets_7.gpg
encrypted_secrets_8.gpg
encrypted_secrets_9.gpg

as he would be by:

% ls
1-800-Phone_Sex_ID_Numbers.txt
Credit_Card_Numbers.txt
Passkeys_for_Swiss_Bank_Transfers.txt
PayrollDataForExecs_April.txt
PayrollDataForExecs_February.txt
PayrollDataForExecs_January.txt
PayrollDataForExecs_March.txt

Indeed, stick your secret information into a tarball so the filename
doesn't appear interesting, and that's 80% of the "encryption" that
you need.

But if the sysadmin is _hostile_, then you can expect to discover that
he modifies the pgp/gpg binary to drop your passwords some place where
he can keep them.

And if you have your own copy, and do MD5 checksums to verify that
they look good, he might replace md5sum with a version that will tell
you that the checksums are what you think they ought to be, despite
having hacked pgp/gpg.  

There are additional defenses you might try to use; there are
additional attacks to correspond with them...
--

http://www.cbbrowne.com/info/sap.html
"what would  we do without C?  we   would have PASAL,  BASI, OBOL, and
Ommon Lisp." -- #Erik

 
 
 


Post by Vilmos Sot » Wed, 29 May 2002 13:33:50



>> it is possible for root to
>> discover your password (eg keyboard sniffing) so they can read
>> everything anyway.

> What about SSH?

Ssh will encrypt the traffic between the ssh client and the ssh server.
A keyboard sniffer will get all data *BEFORE* it is encrypted.

Also, what happens if somebody duplicates the stdin and stdout for your
ssh process?

Vilmos

 
 
 


Post by Alister Nicholl » Thu, 30 May 2002 06:44:33





> >> Excluding encryption and assuming a co-operative sysadmin (to the
> >> extent of
> >> setting up the system to start with) is there any way I can get any
> >> privacy
> >> on a Linux/UNIX system?

> > Yes, you can. But not with vanilla linux. You need a security extension
> > like LIDS, RSBAC, Medusa, DTE or NSA SELinux. LIDS is simple, you should
> > check that first and see if it fits your needs.

> > HP has its own extension, similar to the role based approaches.

> > Solaris -> I've read something about Trusted Solaris. If you have some
> > spare money ... ;)
> I forgot to mention:

> Those tools can restrict root's rights down to the point it is a real
> pain in the a** to administer.

> But be aware they can't keep your privacy if:
> - another kernel is used (reboot with other kernel)
> - harddisk stolen
> - other physical attacks

> They don't make encryption obsolete...

> HTH

Thanks, this is the sort of thing I was looking for.

I know that certain processes need to run as root (probably not as many as
in a default installation) but has anyone managed to set up a system using
sudo or the like such that for normal day to day sysadmin no interactive
root logins are required? I know that interactive root sessions will
inevitably be required but operational procedures can put a security
wrapper round these.

 
 
 


Post by Michael Austi » Wed, 19 Jun 2002 09:56:55







> > >> Excluding encryption and assuming a co-operative sysadmin (to the
> > >> extent of
> > >> setting up the system to start with) is there any way I can get any
> > >> privacy
> > >> on a Linux/UNIX system?

> > > Yes, you can. But not with vanilla linux. You need a security extension
> > > like LIDS, RSBAC, Medusa, DTE or NSA SELinux. LIDS is simple, you should
> > > check that first and see if it fits your needs.

> > > HP has its own extension, similar to the role based approaches.

> > > Solaris -> I've read something about Trusted Solaris. If you have some
> > > spare money ... ;)
> > I forgot to mention:

> > Those tools can restrict root's rights down to the point it is a real
> > pain in the a** to administer.

> > But be aware they can't keep your privacy if:
> > - another kernel is used (reboot with other kernel)
> > - harddisk stolen
> > - other physical attacks

> > They don't make encryption obsolete...

> > HTH

> Thanks this is the sort of thing I was looking for.

> I know that certain processes need to run as root (probably not as many as
> in a default installation) but
> has anyone managed to set-up a system using sudo or the like such that for
> normal day to day sysadmin
> no interactive root logins are required. I know that interactive root
> sessions will inevitably be required
> but operational procedures can put a security wrapper round these.

Most systems, if configured properly, will not allow root to log in from
anywhere except the console or use su or sudo. As others have stated,
there is very little root can't do.

--
Regards,

Michael Austin            Registered Linux User #261163
First DBA Source, Inc.    http://www.firstdbasource.com
Sr. Consultant
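
Added example, not part of the thread: a shell check for the configuration the post above describes, where root may log in only at the console. It assumes the two usual mechanisms, OpenSSH's `PermitRootLogin` keyword and a `securetty`-style list of terminals on which root may log in; the sample files are constructed, and `Match` blocks and `Include` directives are not evaluated.

```sh
#!/bin/sh
# Added example: two checks for where root may log in.

# Print the effective PermitRootLogin value from an sshd_config-style file.
# sshd keeps the first value it obtains for a keyword, and keywords are
# case-insensitive. Lines are split on whitespace or "=".
# Simplification: scanning stops at the first Match block, Include is ignored.
permit_root_login() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line == "" || line ~ /^#/ { next }
        { split(line, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { exit }
        key == "permitrootlogin" { print tolower(f[2]); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Print terminals in a securetty-style file (one device per line) that are
# not the console or a local virtual terminal (ttyN).
nonconsole_root_ttys() {
    awk '!/^[ \t]*(#|$)/ && $1 !~ /^(console|tty[0-9]+)$/ { print $1 }' "$1"
}

# Constructed sample files; real ones are usually /etc/ssh/sshd_config
# and /etc/securetty.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/sshd_config" <<'EOF'
# constructed sample
Port 22
permitrootlogin   No
PermitRootLogin yes
Match User backup
    PermitRootLogin yes
EOF
    cat > "$d/securetty" <<'EOF'
# constructed sample
console
tty1
pts/0
EOF
    echo "$(permit_root_login "$d/sshd_config") $(nonconsole_root_ttys "$d/securetty")"
    rm -rf "$d"
}

demo   # prints: no pts/0
```

A result of `unset` means the file gives no explicit value before any `Match` block, so the daemon's built-in default applies.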