Bear Giles <[EMAIL PROTECTED]> writes:

> Jay Lee wrote:
>> Lloyd Zusman said:
>>> Mail in transit or which is being piped to other processes would remain
>>> in plain text; only when Courier is writing a message to disk would it
>>> be optionally encrypted.
>> I'm not sure of the logic behind this approach, however if it only
>> encrypts when mail is written to disk that you want it encrypted,
>> investigate putting your mail spool on one of the encrypted filesystems that
>> Linux supports. A google for linux and "encrypted filesystem" turned up
>> plenty.
>
> It depends on what his threat model is. An encrypted filesystem can
> protect backups (assuming you remember to not back up the cleartext
> form!), but may or may not hide the contents from other users on a live
> system. I know the kernel "loopback" encrypted FS looks just like a
> regular mounted disk. I'm not sure whether CFS (which uses a
> specialized NFS client/server) is visible to all users or just users who
> provided the appropriate password.
>
> Whatever it is, the mail daemons must have access to the encrypted FS so
> any user that can masquerade as one of these daemons can look at any
> message. That means any threat model involving local users with
> privilege escalation will be difficult to solve - if they can access the
> mail spool, they can probably muck with the mail daemons so anything
> they do may be moot.
>
> Bear

Exactly. And thanks to all of you for your feedback.

The problem that I'm trying to solve (or at least brainstorm about) is
to see if there is a way to keep users who might somehow get root from
reading other users' email ... or at least to make it extremely
difficult.

Yes, I know that this is very nearly a moot point on a well-configured
and secure system. But I was just doing some "what if" thinking, and
this hypothetical problem came to mind. I then thought I'd pose the
question here to see if anyone else has thought about it, as well.

... and if it turned out to be easy to write some sort of Courier plugin
to do this, I was then going to dive in and give it a try.

But now, knowing that such a thing would require a lot of refactoring of
the code, I'll just keep this in the "brainstorming" category.

--
Lloyd Zusman
[EMAIL PROTECTED]
God bless you.

_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
