Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 3 Jul 1997 16:09:41 +0200 (CEST)
From:      Mikael Karpberg <karpen@ocean.campus.luth.se>
To:        lada@ws6303.gud.siemens.at
Cc:        freebsd-hackers@FreeBSD.ORG
Subject:   Re: Crypto (MD5,DES) filesystem
Message-ID:  <199707031409.QAA03863@ocean.campus.luth.se>
In-Reply-To: <199707031212.OAA18858@ws6423.gud.siemens.at> from "marino.ladavac@siemens.at" at "Jul 3, 97 02:12:20 pm"

next in thread | previous in thread | raw e-mail | index | archive | help
According to marino.ladavac@siemens.at:
> > Hi!
> > 
> > I'm looking for an implementation of crypto filesystem for FreeBSD.
> > Perhaps it doesn't exist at all (yet).
> 
> Not that I know of.  Crypto filesystems that are not worse than useless
> are not easy.
> > 
> > I'm ignorant in filesystems intrinsics, so don't laugh, but here's my idea
> > how it could be done:
[...]
> > mount_crypto -e md5 /home/user/plaintext/locked /home/user/unlocked
> > 
> 
> And then everyone who has read access to the mounted files gets to see
> them as plaintext.  Anyone who happens to be root gets all of the contents
> for free.
> 
> This is worse than useless because it conveys a false feeling of security
> unless you consider the implications (then it becomes just plain useless:)

What's so useless about it? Root can go in and read to his hearts content
from /dev/mem, if needed. You can't really stop root from reading anything,
as long as it is not encrypted all the time while it's passing that computer.
And a crypted filesystem is impossible, then. That is, unless you do something
like NFS (where you can also mount it locally) where the client is responsible
for (de/en)crypting all the data. Then you could be safe, if the root at the
other machine had no power on your client machine, but just the server.

If you can't trust the superuser on a machine, then don't use that machine
for things that you care a lot about.

It should be possible to make a filesystem visible only to the person that
mounted it, no? I know basically nothing about the filesystem code, but I
can't imagine it would be very difficult. Just store the user id in the
"mount struct" (or whatever).

  /Mikael



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199707031409.QAA03863>