Mailinglist Archive: opensuse (3225 mails)
| < Previous | Next > |
RE: [SLE] Re: security hole?
- From: "The Purple Tiger" <Jon@xxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 13 Jul 2002 19:15:39 +0100
- Message-id: <GKEOKIBMPGLLIGEBJEDDAEBHCPAA.Jon@xxxxxxxxxxxxxxxxxxxxx>
The fact is that if you want any system to be secure from access, it must
have no network access and noone must be able to get to the machine
[physically or logically]. My cousin works for a part of the government and
their main machines are in Faraday cages in concrete windowless buildings
with guard, swipecard, code, fingerprint access, plus video cameras all over
the place [plus some more things that he can't tell me about <grin> ]all
before you can get anywhere near the machine!
Even then, one can say it isn't 100% secure as he has access to the machine.
You can insert a "rescue" disk to Redhat and mount the fs with no root
access as I believe they use ext3 now which is backwardsly compatible with
ext2. You can mount an ext3 partition on an ext2 only system - it just
doesn't have the journalling. At least SuSE has the option of ResierFS
which is less likely to be able to be booted from a "rescue" disk as most
rescue disks don't have reiser capabilites [not difficult to include].
The cryptographic file systems will not allow you to mount the partition
without the proper passphrase, as root or otherwise, so that offers a better
model of security.
*NO* machine is 100% secure. You would have to have lots of people
scrutinizing the code, even in the compilers, and even then, do you trust
those people ;o)
Still thats my 0.02 EUR ;o)
--
Jon
Somewhere between here and inanity.
have no network access and noone must be able to get to the machine
[physically or logically]. My cousin works for a part of the government and
their main machines are in Faraday cages in concrete windowless buildings
with guard, swipecard, code, fingerprint access, plus video cameras all over
the place [plus some more things that he can't tell me about <grin> ]all
before you can get anywhere near the machine!
Even then, one can say it isn't 100% secure as he has access to the machine.
You can insert a "rescue" disk to Redhat and mount the fs with no root
access as I believe they use ext3 now which is backwardsly compatible with
ext2. You can mount an ext3 partition on an ext2 only system - it just
doesn't have the journalling. At least SuSE has the option of ResierFS
which is less likely to be able to be booted from a "rescue" disk as most
rescue disks don't have reiser capabilites [not difficult to include].
The cryptographic file systems will not allow you to mount the partition
without the proper passphrase, as root or otherwise, so that offers a better
model of security.
*NO* machine is 100% secure. You would have to have lots of people
scrutinizing the code, even in the compilers, and even then, do you trust
those people ;o)
Still thats my 0.02 EUR ;o)
--
Jon
Somewhere between here and inanity.
| < Previous | Next > |