Re: Re: "safe" perl cron environment?

The first paragraph above makee plenty of sense. Thinking that you can hide something from root on a Unix machine is folly.

However, paragraph the second makes no sense at all! If some code on the box can download the "secret" scripts, then root can read that code and do the same thing. Or he can just edit the code to print out the "secret" material after it has been downloaded. This is not a secure solution.

BTW, have you considered just making your client sign a non-disclosure agreement concerning the content of your "secret" scripts? Then you can just put the scripts on the box and if they ever use them publicly you can sue their pants off.

-sam

Comment on Re: Re: "safe" perl cron environment?

Replies are listed 'Best First'.
Re: Re: Re: "safe" perl cron environment? by djantzen (Priest) on Dec 02, 2002 at 19:16 UTC
If some code on the box can download the "secret" scripts, then root can read that code and do the same thing. Or he can just edit the code to print out the "secret" material after it has been downloaded. This is not a secure solution. Right, mostly I just moved the problem. A working solution would require some form of authentication procedure. Unfortunately, because root can simply read whatever files are needed on the client machine to provide credentials (i.e., username/password, plain text cookie, private encryption key), or `su` to the scripts' account, there's always going to be the risk of a spoofed client. In order to make this work I think you'd need a fairly elaborate process. The NDA is a good idea in any case, although given that these are running as cron jobs means probably they aren't visible to the public. So finding out if the NDA has been breached could be hard.	[reply] [d/l]
Re: Re: Re: "safe" perl cron environment? by jhanna (Scribe) on Dec 02, 2002 at 18:45 UTC
It's not clients I'm worried about -- I'm worried about someone stealing my magic algorithms! :-)	[reply]