Date: Mon, 24 Jul 2000 16:12:17 -0700 (PDT)
From: Kris Kennaway <kris@FreeBSD.org>
To: Mike Silbersack <silby@silby.com>
Cc: Adrian Chadd <adrian@FreeBSD.ORG>, Terje Elde <terje@elde.net>,
    Robert Watson <rwatson@FreeBSD.ORG>, Sheldon Hearn <sheldonh@uunet.co.za>,
    Joachim Strömbergson <watchman@ludd.luth.se>,
    Greg Lewis <glewis@trc.adelaide.edu.au>, freebsd-security@FreeBSD.ORG
Subject: Re: Status of FreeBSD security work? Audit, regression and crypto swap?
Message-ID: <Pine.BSF.4.21.0007241608300.20680-100000@freefall.freebsd.org>
In-Reply-To: <Pine.BSF.4.21.0007241556510.5736-100000@achilles.silby.com>

On Mon, 24 Jul 2000, Mike Silbersack wrote:

> Encrypting at that low of a level wouldn't be very useful in the long
> run. For an encrypted filesystem to be truly useful, each user's files
> are encrypted with their own key. A partition-wide encryption doesn't
> protect anything if you get root hacked on your box.

Except this breaks the Unix filesystem semantic that you can read other
people's files (if they have to provide their key manually and it is not
pre-available), which is probably necessary for system operation.

Unless all of the keys were available in the kernel without user
intervention and stored persistently (perhaps encrypted by a master key),
which sort of defeats the purpose unless you have somewhere "better" to
store the key table than on disk.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message