Date: Wed, 16 Dec 2009 05:45:20 +0200
From: Gleb Kurtsou
To: Daniel Thiele
Cc: freebsd-current@freebsd.org, shaun@FreeBSD.org
Subject: Re: Support for geli onetime encryption for /tmp?
Message-ID: <20091216034520.GA2368@tops.skynet.lt>
In-Reply-To: <4B24143E.2060803@gmx.net>

On (12/12/2009 23:07), Daniel Thiele wrote:
> Hi,
>
> I am contentedly using a onetime encrypted swap partition through
> the means provided by rc.d/encswap and fstab, i.e. appending '.eli'
> to the swap partition's name. Since some of the things that accumulate
> in /tmp over the time may contain confidential information, I would
> like to encrypt this partition, too. I know of the clear_tmp_enable
> rc.conf option, but this only deletes /tmp's contents simply by
> utilizing rm(1), which helps but I would not consider this as a
> sufficient solution for the problem of making no longer needed
> /tmp-data inaccessible. So, unless I am missing something, currently
> the only way to go seems to be utilizing geli together with a
> passphrase (and a secret key). Now, for /tmp being a file system
> for which no guarantee towards persistence across reboots is needed,
> a onetime encryption seems to be the better choice, e.g. no one can
> force you to give away the passphrase or key file.

I'd suggest you try a stackable cryptographic file system (pefs)
developed as a google summer of code project this year. Think of it as
nullfs + encryption. No need to create/use separate partition, etc.

You can create one time passwords on boot and let rc.d scripts clean old
stuff:

    # pefs mount /tmp /tmp
    # dd if=/dev/random bs=16 count=1 | pefs addkey -pv -k - /tmp

I use it to encrypt my home directory for some time already, works
pretty good. It also works on top of tmpfs, if anybody needs it :)

More info: http://gleb.blog.com/tag/pefs/
Recent sources on github: http://github.com/glk/pefs

> While I was looking for a solution, I stumbled upon a patch
> (conf/102700, link below) from 2006 by Shaun Amott (CC'ed) that
> adds support for exactly this kind of encryption. Is there a reason
> why this patch has not made it into the base system yet? I think it
> would be a valuable addition to FreeBSD in regard to security. In
> that context it may be even better to enhance the patch to not only
> support onetime encryption for /tmp, but any kind of file system,
> which a user may specify via fstab. Then, however, the issue of how
> to exactly distinguish between onetime and normal encryption in
> fstab needs to be solved.
>
> Is there maybe another way to achieve onetime /tmp encryption that
> I am missing? Preferably one that does not involve huge changes to
> the default config files to minimize the time spent mergemaster-ing
> these files during an update. This last point is basically what keeps
> me from applying conf/102700 locally or implementing my own solution.
>
>
> Kind regards,
> Daniel
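
The geli route asked about in the quoted message, as an added example that is not part of this thread, of conf/102700, or of the FreeBSD base system: a small script that gives /tmp a onetime key by reusing the '.eli' fstab convention encswap applies to swap. The device names, the function names and the idea that a '.eli' entry for /tmp means "onetime" are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: one-time geli encryption for /tmp, reusing the ".eli"
# fstab convention that encswap applies to swap.
# Assumption (hypothetical convention): an fstab line such as
#   /dev/ada0p5.eli  /tmp  ufs  rw,nosuid,noauto  0  0
# marks /tmp for one-time encryption; noauto keeps the normal boot-time
# mount from trying the not-yet-attached .eli device.

FSTAB=${FSTAB:-/etc/fstab}

# Print the backing provider (".eli" stripped) for a mount point.
# Returns non-zero when fstab has no .eli entry for it.
onetime_provider() {
    awk -v mp="$1" '
        /^[ \t]*#/ { next }
        $2 == mp && $1 ~ /\.eli$/ {
            sub(/\.eli$/, "", $1); print $1; found = 1; exit
        }
        END { exit (found ? 0 : 1) }
    ' "$FSTAB"
}

# Attach the provider with a random key that exists only in kernel
# memory, build a fresh file system on it and mount it. Nothing can
# decrypt the old contents after a detach or reboot.
onetime_tmp_start() {
    mp=${1:-/tmp}
    prov=$(onetime_provider "$mp") || {
        echo "no .eli entry for $mp in $FSTAB" >&2; return 1; }
    # newfs destroys whatever is on the provider, so refuse to run if
    # fstab references the same provider a second time.
    uses=$(awk -v p="$prov" '
        /^[ \t]*#/ { next }
        $1 == p || $1 == (p ".eli") { n++ }
        END { print n + 0 }' "$FSTAB")
    [ "$uses" -eq 1 ] || {
        echo "$prov appears $uses times in $FSTAB, refusing" >&2; return 1; }
    # No -d here: detach-on-last-close would fire when newfs closes the
    # device after writing, discarding the key before the mount.
    geli onetime "$prov" || return 1
    newfs -U "${prov}.eli" >/dev/null || return 1
    mount "$mp" || return 1                # options come from fstab
    chmod 1777 "$mp"
}

if [ "${1:-}" = "start" ]; then
    onetime_tmp_start /tmp
fi
```

Run as root with the argument "start" late in boot, before anything writes to /tmp; the provider's previous contents are overwritten on every run.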