:: Re: [Dng] vdev update and design do…
Top Page
Delete this message
Reply to this message
Author: Klaus Hartnegg
Date:  
To: dng
Subject: Re: [Dng] vdev update and design document
Am 05.01.2015 um 07:21 schrieb Martijn Dekkers:
> There are several areas where there are
> significant legal requirements around disallowing the concept of a root
> / UID 0 user to have overriding access. Please be advised that SELinux
> was built by the NSA *specifically* to be able to meet these legal
> requirements.


Root *can* disable SELinux. It may require a reboot, but updating the
kernel also requires a reboot, thus it happens every other month anyway.

Am 05.01.2015 um 18:29 schrieb Rainer H. Rauschenberg:
> Admin has to take ownership of the file to change
> permissions and can't give back ownership to the original owner, so the
> manipulation can be traced back to him (his account).


Windows Admin *can* set ownership to any arbitrary user.


Also there are lots of other ways to access data. There is only one way
to hide data from admins: encrypt it.


Reliable separation of processes requires hardware-support, i.e.
virtualization, see for example qubes-os.org

The effectiveness of pure software methods is always limited. They can
be useful, this depends on your threat model.

Klaus