<refsect1 id="security">
<title>SECURITY</title>
This program is set-uid to root, but will switch back to the
original user and group after bringing up the network interface.

To use this program for its intended purpose (see <xref
linkend="purpose"/>), the password for the root file system will
have to be given out to be stored in a server computer, after
having been encrypted using an OpenPGP key. This encrypted data,
which will be stored on a server, can only be decrypted by the
OpenPGP key, and the data will only be given out to those
clients who can prove they actually have that key. This key,
however, is stored unencrypted on the client side in its initial
<acronym>RAM</acronym> disk image file system. This image is
normally readable by all, but this is normally fixed during
installation of this program; file permissions are set so that
no-one is able

The only remaining weak point is that someone with physical
access to the client hard drive might turn off the client
computer, read the OpenPGP keys directly from the hard drive,
and communicate with the server. The defense against this is
that the server is supposed to notice the client disappearing
and will stop giving out the encrypted data. Therefore, it is
important to set the timeout and checker interval values tightly
on the server. See <citerefentry><refentrytitle
>mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>.

<emphasis>Note</emphasis>: This makes it impossible to have
<application >Mandos</application> clients which dual-boot to
another operating system which does <emphasis>not</emphasis> run
a <application>Mandos</application> client.
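
Because the OpenPGP key sits unencrypted inside the initial RAM disk image, it is worth confirming that the image really has no group or other permission bits after installation. The script below is an added example, not part of the Mandos documentation or code; the /boot location, the initrd.img* and initramfs* file name patterns, and the availability of GNU find are assumptions.

```shell
#!/bin/sh
# Added example: audit initial RAM disk images for group/other access bits.
# Assumptions (not from the man page): images live in /boot and are named
# initrd.img* or initramfs*; GNU find is available for "-perm /MODE".

# Print every matching image in directory $1 that has any group or other
# permission bit set (any bit of mode 077), one path per line.
find_exposed_images() {
    dir=$1
    find "$dir" -maxdepth 1 -type f \
        \( -name 'initrd.img*' -o -name 'initramfs*' \) \
        -perm /077 -print 2>/dev/null | sort
}

# Report on directory $1 (default /boot).
# Returns 1 if any image is accessible beyond its owner, 0 otherwise.
audit_initrd_permissions() {
    dir=${1:-/boot}
    exposed=$(find_exposed_images "$dir")
    if [ -n "$exposed" ]; then
        printf 'Images accessible beyond the owner in %s:\n%s\n' "$dir" "$exposed"
        printf 'Restrict each one, for example: chmod go-rwx FILE\n'
        return 1
    fi
    printf 'No group/other permission bits on images in %s\n' "$dir"
    return 0
}
```

Source the file and run audit_initrd_permissions (optionally with a directory argument) after each kernel or initramfs update, since a regenerated image may be written with default permissions.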