This isn't necessarily true. If you're running a trusted operating
system, you can set it up so that administrators do not have unlimited
power. For example, here at Argus (http://www.argus-systems.com) we have
a B1 level Trusted OS that makes this sort of high-end security possible.
HP and SunFederal make products with similar capability.
On Sat, 19 Feb 2000, Sandy Harris wrote:
> "Mike A. Harris" wrote:
>
> > ... There are systems out there, in
> > which for military reasons, or perhaps other top secret reasons
> > that files need to remain top secret and not visible to any
> > system admin person. I'm thinking here of A or B class
> > security.. which is likely a long way off..
>
> Standard policy for such systems is that administrators must have the
> security clearance for the highest-classified data on the machine.
> Vendors field service people need clearance too. In many cases drives
> are removable and are, as a standard procedure, removed before field
> service touch the machine.
>
> I don't think what you ask is possible on any near-standard multi-user
> Unix machine. It could be done in a client/server environment. Keep
> encrypted files on the server, decrypt only on the client. Anyone
> with root privilege on the client could still beat the system, but
> if you prohibit remote login to the client (and audit that) and require
> a passphrase for access to local key, this is fairly secure.
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.rutgers.edu
> Please read the FAQ at http://www.tux.org/lkml/
>
----------------------------------------------
Andrew McNabb
Argus Systems Group
amcnabb@argus-systems.com
----------------------------------------------
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Feb 23 2000 - 21:00:23 EST