Security-related questions

Derek Broughton news at pointerstop.ca
Fri Apr 25 14:00:39 UTC 2008


Nils Kassube wrote:

> Larry Hartman wrote:
>> Is it possible to create two user accounts, one that shows up in the
>> KDM/GDM logon display with restricted accesses, and another that is
>> invisible to KDM/GDM with more accesses?
> 
> At least for KDM the user isn't visible if the user ID is below 1000.

And you can specifically exclude users from the KDM login chooser - I
suspect, but don't know, that such users could still be used to log in if
you actually used a valid username/password.

>> In the same vein, pertaining to these two accounts, is it possible to
>> restrict visibility to certain directories from the restricted
>> account
> 
> This can be done with the usual file / directory permissions. However you
> can't hide essential directories like /usr/bin etc.

Again, you can _hide_ all sorts of things in konqueror (using .directory
files, iirc - I've deleted the ones kubuntu installs by default, so I'm not
certain) - but it's just "security through obscurity".

>> to hide directories and files from view, even the "hidden"
>> options in the various file managers--so that only when logging into
>> the user account with more access do they become visible?
> 
> The hidden attribute is only a sort of interpretation of file names
> starting with "." by the file managers or other programs. If there is no
> global configuration override, you probably can't make "hidden" files
> invisible. And in a terminal you can definitely see the files with the
> appropriate commands (e.g. "ls -A").

Yeah, that's the same situation as the .directory files.  

What you can actually get even the slightest look at, in any unix-based
filesystem, is determined by the "x" (traverse) permission on a directory.

So if you want to hide, say, /sbin from ordinary users, you remove the "x"
permission from world, and make special users part of a group that does
have "x" permission.  It gets complicated ... :-)

> 
>> I am curious because I read a trial brief this week concerning a laptop
>> that was inspected by border control agents through actually turning it
>> on.
> 
> If you want to hide something from border control agents, it is probably
> better to not have sensitive data on the machine. 

That's really your only option.  If you try to _hide_ data from US border
control, I believe you're now committing a crime.

At least one legal office is now sending its lawyers across the Canada-US
border with clean laptops - they download everything they need from
the 'net.  It's scary to imagine that it's now more secure to save your data
on the Internet than on a well protected laptop (or that the people we most
have to protect ourselves from, are the people we expect to protect us).

> I read something the 
> other day, that a laptop hard disk was cloned at border control. You
> can't really hide an account because the user name has to be listed
> in /etc/passwd. Maybe you want to read a bit about truecrypt at
> <http://www.truecrypt.org>, but I can't tell you how safe that would be
> at border control.

Failing to deliver the decryption key could be a violation of the PATRIOT
act.
-- 
derek
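
The "x" (traverse) check discussed in the message above, as an added example that is not part of the original post: a small Python model of how the owner/group/other bits on each directory decide whether a user can reach a file, with the directory's "r" bit reported separately. The uids, the `private` directory and `notes.txt` are constructed for illustration, and the model ignores root and ACLs.

```python
import os
import shutil
import tempfile

def class_bits(st, uid, gids):
    """Select the owner, group or other rwx triad the way the kernel does."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def can_reach(base, relpath, uid, gids):
    """True if every directory from base down to relpath's parent grants "x"."""
    current = base
    for part in relpath.split("/"):
        if not class_bits(os.stat(current), uid, gids) & 1:
            return False
        current = os.path.join(current, part)
    return True

def can_list(directory, uid, gids):
    """True if the "r" bit lets this user read the directory's file names."""
    return bool(class_bits(os.stat(directory), uid, gids) & 4)

def demo():
    base = tempfile.mkdtemp()  # constructed sample tree, removed at the end
    try:
        os.chmod(base, 0o755)
        private = os.path.join(base, "private")
        os.mkdir(private)
        open(os.path.join(private, "notes.txt"), "w").close()
        st = os.stat(private)
        ordinary = (st.st_uid + 1, set())        # hypothetical user outside the group
        special = (st.st_uid + 2, {st.st_gid})   # hypothetical user inside the group
        out = {}
        for mode in (0o750, 0o754):              # world: no access vs. "r" without "x"
            os.chmod(private, mode)
            out[mode] = {
                "ordinary_reach": can_reach(base, "private/notes.txt", *ordinary),
                "ordinary_list": can_list(private, *ordinary),
                "special_reach": can_reach(base, "private/notes.txt", *special),
            }
        return out
    finally:
        shutil.rmtree(base)

if __name__ == "__main__":
    print(demo())
```

With mode 0754 the ordinary user still cannot reach the file but can read the file names in the directory, so removing "x" alone leaves the names visible.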





More information about the kubuntu-users mailing list