jdow wrote:
> I guess I should have said an encrypted ring is no more open to root than
> it is open to any person who has cracked into your account. Root by
> definition has done that. And root can't casually read it.
True.
> Root would
> have to execute an exploit to gain access.
Not according to most definitions of the noun "exploit". Root gets to
replace any file it likes on the machine[1]. Root gets to change the
environment of normal users how it likes. Root gets to read *all* memory
in use. This is by definition of the Unix security model -- if root
makes use of that, it's not a security "exploit" since root was supposed
to be able to do that anyway.
An "exploit" is where someone unauthorised (at least as far as the
software is aware) makes use of a security bug to gain (excess)
privileges.
Hope this helps,
James.
[1] All of this is "in normal Unix". Some secure Unix environments limit
what even root can do.
--
E-mail: james@ | Sanity is no excuse.
aprilcottage.co.uk | -- Ursula Vernon
| http://ursulav.livejournal.com/131503.html
