Subject: Re: encrypted swap?
To: Brett Lymn <firstname.lastname@example.org>
From: Steven M. Bellovin <email@example.com>
Date: 06/04/2001 23:28:49
In message <200106050253.MAA12121@mallee.awadi>, Brett Lymn writes:
>According to Steven M. Bellovin:
>> (well, /dev/wd0b is mode 640, which is probably a mistake --
>>though anyone with operator privs can read any other private file on
>>the system, though not modify it).
>Depends on what you mean by mistake ;-) The device is RO for operator
>so that the operator can perform backups of the system without needing
>root privileges. That, at least, is the intent. Whether or not that
>is a valid design is something different.
I (mostly) agree with 640 for most partitions; my comment was about
that mode for the swap area, which isn't backed up.
--Steve Bellovin, http://www.research.att.com/~smb