On Fri, 15 Oct 1999, Alyea wrote:

> Nice idea, but if the person roots your box, they can get access to all the
> keylogger information.  Specifically, usernames and passwords will be in those
> logs.

Only if you log on-box and you log passwords (the initial idea to log 
from getty could ignore passwords; sniffing makes that option more 
difficult, but not impossible, esp. if you're using remote secure logins).

If someone gets root and you don't notice it, then they'll likely get all 
the usernames/passwords anyway.

It's a pity that the Secure-ID folks haven't done a PAM module for Linux 
yet.  That takes half the problem away immediately.

Compartments make this much, much easier to do, since root no longer 
matters.  Perhaps someday we'll see RSBAC in the stock Linux kernel; 
until then, http://www.rsbac.de/ is available for people with time to do 
fairly serious security.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."
                                                                     PSB#9280
