Subject: Re: encrypted swap?
To: Steven M. Bellovin <smb@research.att.com>
From: Brett Lymn <blymn@baesystems.com.au>
List: tech-kern
Date: 06/05/2001 12:23:23
According to Steven M. Bellovin:
>
> (well, /dev/wd0b is mode 640, which is probably a mistake --
>though anyone with operator privs can read any other private file on
>the system, though not modify it).
>
Depends on what you mean by mistake ;-) The device is RO for operator
so that the operator can perform backups of the system without needing
root privileges. That, at least, is the intent. Whether or not that
is a valid design is something different.
--
===============================================================================
Brett Lymn, Computer Systems Administrator, BAE SYSTEMS
===============================================================================