Jan Hudec wrote: > On Thu, Apr 21, 2005 at 19:44:56 +0100, Jamie Lokier wrote: > > Jan Hudec wrote: > > > By the way, IIRC so far the root can access all kernel memory too via > > > /dev/kmem. So the limiting of root's rights would have to be limited > > > a bit more yet. > > > > On some hardened systems, root is not allowed access to /dev/kmem. > > That sure makes sense. Still the secret keys must either never leave > kernel (which would need all the encryption, decryption and checking > code in kernel), or they must be protected in userland too. Which means > the process has to be protected against being ptraced or inspected > through /dev/mem.
That's right. Protecting users' private data from access by the administrators on a multi-user system is, not surprisingly, hard.... -- Jamie - To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
