Steven Harms’ Blog

Technology, Linux, Life

Posts Tagged security

Fedora 12 default package install policy

Nov 19

Posted by sharms in General | 9 Comments

Just a quick note, if you don’t like Fedora 12’s policy, you probably don’t understand how systems today currently work.

This is much more secure, and you are able to disable it. If you are using systems in public, then there is much more you need to disable such as removable media automounting etc, and would not use default settings anyway.

The current way of throwing blanket root access out for any system change is inherently less secure, their change aims to only allow signed package and that 1 specific action to occur.

Yes you could make a collision, but if you can’t trust your package sources, you can’t trust your system as a whole, so the entire idea is moot.

Tags: , ,

Encrypted Swap

Sep 16

Posted by sharms in Linux | 7 Comments

This post was spawned from my own misconception that my swap partition contained no sensitive data on systems with a lot of ram.

All of my systems I work with have atleast 4GB of ram, so my swap usage is usually under 2 megabytes. Why should I worry what’s in my swap partition?

Instead of going into it, just try it yourself. My swap partition is /dev/sda5. Run the command:

$ sudo strings /dev/sda5 | more

What came up was a ton of interesting data, from files I had looked at, print jobs, and bash scripts. So yes, even if you have enough ram, your swap is still very vulnerable to storing a lot of data about you.

Good news is Ubuntu 9.10 / Karmic will have the option to encrypt swap, which is on the wiki.

Tags: , ,