Author: Klaus Hartnegg
Date:
To: dng
Subject: Re: [Dng] vdev update and design document
On 05.01.2015 at 07:21, Martijn Dekkers wrote:
> There are several areas where there are
> significant legal requirements around disallowing the concept of a root
> / UID 0 user to have overriding access. Please be advised that SELinux
> was built by the NSA *specifically* to be able to meet these legal
> requirements.
Root *can* disable SELinux. It may require a reboot, but updating the
kernel also requires a reboot, thus it happens every other month anyway.
On 05.01.2015 at 18:29, Rainer H. Rauschenberg wrote:
> Admin has to take ownership of the file to change
> permissions and can't give back ownership to the original owner, so the
> manipulation can be traced back to him (his account).
Windows Admin *can* set ownership to any arbitrary user.
Also there are lots of other ways to access data. There is only one way
to hide data from admins: encrypt it.
Reliable separation of processes requires hardware support, i.e.
virtualization, see for example qubes-os.org
The effectiveness of pure software methods is always limited. They can
be useful, this depends on your threat model.