Re: Protecting message files access even from root

2014-02-02 Thread Adam Tauno Williams
On Sat, 2014-02-01 at 11:38 -0200, Fabio S. Schmidt wrote:
> Thanks Sven, I really appreciate your considerations, especially about
> the encryption of the SMTP traffic.
> I will test Mandatory Access Control (MCS), like SELinux (YES, I know
> that NSA wrote it) or AppArmor for instance, and custom

Re: Protecting message files access even from root

2014-02-01 Thread Fabio S. Schmidt
Thanks Sven, I really appreciate your considerations, especially about the encryption of the SMTP traffic. I will test Mandatory Access Control (MCS), like SELinux (YES, I know that NSA wrote it) or AppArmor for instance, and customising SUDO: http://pubs.gpaterno.com//2009/protecting-confidential

Re: Protecting message files access even from root

2014-02-01 Thread Sven Schwedas
Given that a physical root can bypass any and every ACL, encrypting messages (upon receiving, e.g.) is the only remotely plausible way to prevent access. And even then the admin could sniff all SMTP traffic and copy messages before encryption, so you'd need to monitor him anyway. Why again does

Re: Protecting message files access even from root

2014-01-31 Thread Mark Blackman
On 31 Jan 2014, at 16:10, Fabio S. Schmidt wrote:
> Hello!
> Considering that Cyrus stores messages in files, does anyone have any
> experience on the protection of access to these files, even for the root
> user?
>
> I researched about SELINUX and found no conclusive documentation.
> htt

Re: Protecting message files access even from root

2014-01-31 Thread Fabio S. Schmidt
Hi Dan! Thanks for the answer! I'm trying to prevent local access from a physical administrator. Even if logged in as root, it should be impossible to read the messages on the Cyrus partitions. Other email stores that I have dealt with also store the messages in files. Blackman and Goetz, Thanks for

Re: Protecting message files access even from root

2014-01-31 Thread Patrick Goetz
Yes, this is the answer. If messages need to be protected from everyone, including root, then they should be PGP encrypted at the source, with MUA client-side decryption.

On 01/31/2014 10:37 AM, Mark Blackman wrote:
>
> On 31 Jan 2014, at 16:10, Fabio S. Schmidt wrote:
>
>> Hello!
>> Considering

Re: Protecting message files access even from root

2014-01-31 Thread Dan White
On 01/31/14 14:10 -0200, Fabio S. Schmidt wrote:
>Hello!
>Considering that Cyrus stores messages in files, does anyone have any
>experience on the protection of access to these files, even for the root
>user?
>
>I researched about SELINUX and found no conclusive documentation.

Are you attempting t

Protecting message files access even from root

2014-01-31 Thread Fabio S. Schmidt
Hello! Considering that Cyrus stores messages in files, does anyone have any experience on the protection of access to these files, even for the root user? I researched about SELINUX and found no conclusive documentation. -- My best regards, Fabio Soares Schmidt Linux Professional Institute -