"Mike A. Harris" wrote:
> ... There are systems out there, in
> which for military reasons, or perhaps other top secret reasons
> that files need to remain top secret and not visible to any
> system admin person. I'm thinking here of A or B class
> security.. which is likely a long way off..
Standard policy for such systems is that administrators must have the
security clearance for the highest-classified data on the machine.
Vendors field service people need clearance too. In many cases drives
are removable and are, as a standard procedure, removed before field
service touch the machine.
I don't think what you ask is possible on any near-standard multi-user
Unix machine. It could be done in a client/server environment. Keep
encrypted files on the server, decrypt only on the client. Anyone
with root privilege on the client could still beat the system, but
if you prohibit remote login to the client (and audit that) and require
a passphrase for access to local key, this is fairly secure.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Feb 23 2000 - 21:00:23 EST