On Sun, 2005-09-04 at 09:32 +0200, Andreas Hartmann wrote:
> Chase Venters wrote:
[...]
> >
> > Can I ask why you want to hide the database password from root?
>
> It's easy: for security reasons. There could always be some bugs in some
> software, which makes it possible for some other user, to gain root
> privileges. Now, they could easily strace for information, they shouldn't
Forget it.
You cannot hide anything seriously from root (or equivalent users on
other OSes and so-called OSes) with such attempts (independent how the
process got root - with the correct password or through a security hole
somewhere).
Consider the case that root installed a (patched) DB-server which dumps
the passwords in some logfile. Or root logs from the authentication
framework (be it PAM or something else)
> could do it. The password they could see, isn't just used for the DB, but
> for some other applications, too. That's the disadvantage of general
> (single sign on) passwords.
So either you get your own machine or you use different passwords for
different services.
Bernd
--
Firmix Software GmbH http://www.firmix.at/
mobil: +43 664 4416156 fax: +43 1 7890849-55
Embedded Linux Development and Services
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
