hamid@lims01.lerc.nasa.gov (HAMID SAMADANI) (01/04/91)
Path: lims01.lerc.nasa.gov!hamid From: hamid@lims01.lerc.nasa.gov (HAMID SAMADANI) Newsgroups: misc.security Subject: Unix mail Date: 4 JAN 91 09:23:15 Expires: References: Sender: Reply-To: hamid@lims01.lerc.nasa.gov Followup-To: Organization: NASA Lewis Research Center Keywords: News-Software: VAX/VMS VNEWS 1.3-4 How secure is mail on a Unix account? Level 1 - If your login password is known by others, then your mail is certainly not secure. Leve 2 - What if the access privileges to the directory into which Unix stores mail is open to world? What measures can a user take to ensure that their mail is stored in a secure directory. Where and how is Unix mail stored? Level 3 - Finally, root has access to everything. Does a user have to essentially depend on the discretion of the person(s) who has/have the root account and password in consideration of mail or other files that are private or sensitive? Hamid Samadani hamid@lims01.lerc.nasa.gov -My opinions are my own.
mjr@hussar.dco.dec.com (Marcus J. Ranum) (01/05/91)
hamid@lims01.lerc.nasa.gov writes: > How secure is mail on a Unix account? Encrypt your mail using your favorite encryption algorythm, uuencode the results, and mail that to your friend, after exchanging passwords through some other medium. If your mail goes over an ethernet, internet, or you can't trust your systems administrators or other users on your machine, it's best to not say anything you want secret unless it's enciphered. mjr. -- If the designers of X-window built cars, there would be no fewer than five steering wheels hidden about the cockpit, none of which follow the same prinicples - but you'd be able to shift gears with your car stereo. Useful feature, that. [From the programming notebooks of a heretic, 1990]