[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Remailer Security



From: [email protected] (Jonathan Rochkind)

>Um, there's no reason why your remailer's account needs to be logged into
>interactively, is there?  Seems like remailer ops should disable login to
>remailer accounts, putting '*' into the password field in /etc/passwd, or
>however unix lets you disable login (I know it does).

	This depends on the setup at the remailer machine. If I'm operating
a remailer off of a rented account on a commercial machine, how am I going to
maintain the remailer when it crashes if I can't get into that account? This
would work to some degree if the machine in question had the remailer program
in a publically-accessible account, and all the remailer account was doing was
A. acting as a forwarding account and B. containing info like the private key
of the remailer. But it could still go wrong in a way such that you'd need to
get into the account (or have root access, which is equivalent from what I
know of the subject).
	-Allen