-1

I'm developing a Linux application that needs to save some sensitive data in order to reload them when the machine reboots.

So I'm investigating how to save my data somewhere and protect them. (Obviously there will always be a possibility to crack it.)

My goal is not to reinvent the wheel, so if there is a working solution, that's what I'm looking for.

ZedTuX
  • You will have to explain more to get good help. What is the protection going to be protecting against? What is being protected and how did it get there? – Johan Lundberg Feb 04 '13 at 20:10
  • I certainly wouldn't call it obvious that there is a possibility to crack. – Lieuwe Feb 04 '13 at 20:21
  • Can't you dedicate a specific Unix user to your application, make it perhaps setuid, and carefully use file permissions to restrict access of the sensitive data to that application? Or do you also want to avoid `root` reading it? What kind of sensitive data do you deal with? – Basile Starynkevitch Feb 04 '13 at 20:56
  • For one-way encryption consider bcrypt and scrypt. It seems scrypt can also be used for general encryption. – ArtemGr Feb 04 '13 at 21:22
  • JohanLundberg and BasileStarynkevitch you are right, but I was looking for a common way to do that. I'm sure that it is not the first time. For example iptables, mail clients, etc. have some sensitive data to store. How do they do that? – ZedTuX Feb 05 '13 at 12:50
  • @BasileStarynkevitch even root should not be able to change the content of that file, as it would be firewall rules that will belong to executable hash (executable MD5 of SHA256). – ZedTuX Feb 05 '13 at 12:56
  • root will always be able to change file contents, if he wants that hard enough. You might use some cryptographic techniques to make such changes generally useless... but there is no way to prohibit root from changing some data... – Basile Starynkevitch Feb 05 '13 at 13:01
  • I agree @BasileStarynkevitch. I think I will have to do it like described in the answer. I'll wait a little bit in case someone else has another idea, otherwise I will accept the given answer. – ZedTuX Feb 05 '13 at 17:24

1 Answer

1
  1. Add a dedicated user for your application and set proper directory attributes, so other users can't see the directory and files, only root.

  2. Use a simple scramble algorithm just to make the file hard to read by a simple cat.

  3. Never store passwords and other sensitive information in files.

ern0
  • Thank you for the answer. I had this idea too. But my application is a firewall, I need to store rules that nobody and no other application can change. I am looking if a standard way exists to do that. Otherwise I will do like the answer said. – ZedTuX Feb 05 '13 at 12:53
  • As there are no other options... let's validate that one. Anyway, thanks @ern0. – ZedTuX Feb 08 '13 at 14:15
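
An added example, not part of the original answer or comments: one way to combine the restrictive file permissions from step 1 with the cryptographic tamper detection mentioned in the comments, using an HMAC-SHA256 tag in place of a scramble. The names `save_state` and `load_state` and the file layout are hypothetical, and the key is assumed to be supplied by the caller from somewhere the party editing the file cannot read; a root user who can read the key can still forge a valid file.

```python
import hashlib
import hmac
import os
import tempfile

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag


def save_state(path: str, data: bytes, key: bytes) -> None:
    """Atomically write HMAC(key, data) || data to path with mode 0600."""
    directory = os.path.dirname(os.path.abspath(path))
    os.makedirs(directory, mode=0o700, exist_ok=True)
    os.chmod(directory, 0o700)  # makedirs' mode is filtered by umask; enforce it
    tag = hmac.new(key, data, hashlib.sha256).digest()
    # mkstemp creates the file with mode 0600, so it is never world-readable.
    fd, tmp = tempfile.mkstemp(dir=directory)
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(tag + data)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, path)  # atomic: readers see the old or new file, never half
    except BaseException:
        os.unlink(tmp)
        raise


def load_state(path: str, key: bytes) -> bytes:
    """Return the stored data; refuse loose permissions or a bad tag."""
    with open(path, "rb") as f:
        st = os.fstat(f.fileno())  # check the opened file, not the path
        if st.st_mode & 0o077:
            raise PermissionError(f"{path} is accessible to group/other")
        if st.st_uid != os.geteuid():
            raise PermissionError(f"{path} is not owned by this user")
        blob = f.read()
    tag, data = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, data, hashlib.sha256).digest()
    # compare_digest avoids leaking how many tag bytes matched.
    if len(tag) != TAG_LEN or not hmac.compare_digest(tag, expected):
        raise ValueError("state file failed integrity check")
    return data
```
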