RE: PGP scripting...
From: Keith Smith (keith.smith@keiths-place.com)
Date: 01/08/03
- Previous message: Valdis.Kletnieks@vt.edu: "Re: PGP scripting..."
- In reply to: Marcin Owsiany: "Re: PGP scripting..."
- Next in thread: Andrew MacKenzie: "Re: PGP scripting..."
- Reply: Andrew MacKenzie: "Re: PGP scripting..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Keith Smith" <keith.smith@keiths-place.com> To: <secprog@securityfocus.com> Date: Wed, 8 Jan 2003 09:05:32 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> > I think that client is probably worried about regular users
> > that will have access to the file system, rather than a
> > determined external hacker.
>
> How does the encrypting improve the security of storing the
> files in a directory, which is only readable by selected users, then?
>
> They can only manage to read them, if they obtain that
> particular user's UID. But if they do it, they can probably
> also read /proc/N/mem, effectively bypassing the encryption.
I was assuming that the files were sitting in a shared file system somewhere and were world readable. Now I realise I was going out on a limb trying to guess the clients reasoning, but I couldn't think of any another reasons that explained the original request.
Regards,
Keith.
-----BEGIN PGP SIGNATURE-----
Version: 6.5.8ckt
iQA/AwUBPhvNvL0tREWslyrAEQKX7ACfX0UAZO5gm6+PCBkdfO1wioVcm7IAnAvQ
e152ry+HPS0JpVutU9stGpBj
=3mij
-----END PGP SIGNATURE-----
- Next message: Steffen Dettmer: "Re: PGP scripting..."
- Previous message: Valdis.Kletnieks@vt.edu: "Re: PGP scripting..."
- In reply to: Marcin Owsiany: "Re: PGP scripting..."
- Next in thread: Andrew MacKenzie: "Re: PGP scripting..."
- Reply: Andrew MacKenzie: "Re: PGP scripting..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
