Hi all, -----Original Message----- From: Martin Konold [mailto:martin.konold@erfrakon.de] Sent: Friday, May 18, 2007 12:04 AM To: opensuse-security@opensuse.org Subject: Re: [opensuse-security] LUKS and its master key Am Donnerstag 17 Mai 2007 schrieb Jochen+opensuse-security@hayek.name: Hi Jochen,
manages to gain root priviliges, that he can retrieve the necessary information,
There is no easy way to prevent this for any Linux encryption solution. As soon as a 3rd party has either root or physical access to your linux machine this party will be able to gain access to all volumes which are currently in use. E.g. it is trivial as user root to obtain all access permissions of any user on the system. <snip> Some small side-way remarks... A) If an intruder has physical access to your machine (a co-worker, or something else is very wrong!!), he doesn't directly has access to your private data. First step would probably be to gain root access. Assuming the root user didn't leave any console open (...) it would at least mean a reboot. Stopping of the system should trigger (snmp) maintenance/security actions. Default boot-medium (with keys) can be removed. Non-default booting through grub can be protected by a password. Booting from other media can be protected by bios-password. Altering bios-setup (default pwd) can be protected by locks on your 19" cubboard Enough delaying, for maintenance/security people to have a look why the related system got offline. Even when he removes the disks and put them in another system, it's possible to encrypt root, swap, etc etc. B) Intruder has root access to your machine (through social enginering or so). It shouldn't imply that he has access to your data. For every account ther should be at least one or more private vault, that can only be opened by the user, and no-one else, not even the root user. Your data is only vulnarable (for rogue-root) if you open your vault, and mount it. So if somebody gets root-privileges, all other users should be alerted. (E.G.: Don't trust root! All his entrences and actions should be guarded) C) refering to Hobson, security has it price. If you introduce two-factor or tree-factor security; it means that a trusted person with key/dongle needs to be present when the system must be restarted. Hans --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org