From: Daniel Thiele
Date: Sat, 12 Dec 2009 23:07:58 +0100
To: freebsd-current@freebsd.org
Cc: shaun@FreeBSD.org
Subject: Support for geli onetime encryption for /tmp?

Hi,

I am contentedly using a onetime encrypted swap partition through the means provided by rc.d/encswap and fstab, i.e. appending '.eli' to the swap partition's name. Since some of the things that accumulate in /tmp over time may contain confidential information, I would like to encrypt this partition, too.
I know of the clear_tmp_enable rc.conf option, but this only deletes /tmp's contents simply by utilizing rm(1), which helps but I would not consider this as a sufficient solution for the problem of making no longer needed /tmp-data inaccessible.

So, unless I am missing something, currently the only way to go seems to be utilizing geli together with a passphrase (and a secret key). Now, for /tmp being a file system for which no guarantee towards persistence across reboots is needed, a onetime encryption seems to be the better choice, e.g. no one can force you to give away the passphrase or key file.

While I was looking for a solution, I stumbled upon a patch (conf/102700, link below) from 2006 by Shaun Amott (CC'ed) that adds support for exactly this kind of encryption. Is there a reason why this patch has not made it into the base system yet? I think it would be a valuable addition to FreeBSD in regard to security. In that context it may be even better to enhance the patch to not only support onetime encryption for /tmp, but any kind of file system, which a user may specify via fstab. Then, however, the issue of how to exactly distinguish between onetime and normal encryption in fstab needs to be solved.

Is there maybe another way to achieve onetime /tmp encryption that I am missing? Preferably one that does not involve huge changes to the default config files to minimize the time spent mergemaster-ing these files during an update. This last point is basically what keeps me from applying conf/102700 locally or implementing my own solution.

Kind regards,
Daniel

conf/102700: http://www.freebsd.org/cgi/query-pr.cgi?pr=102700&cat=conf
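
Added example, not part of the original message and not the conf/102700 patch: a manual way to put /tmp on a geli(8) one-time provider without editing the default rc scripts, written as a dry-run helper that could be called from a local startup script. The function names, the `FSTAB` and `APPLY` variables and the partition `/dev/ada0p4` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the post or from conf/102700).
# /dev/ada0p4 in the usage line is a hypothetical, dedicated, empty partition:
# every run replaces whatever it held with a fresh file system.

# Succeeds (0) if the fstab file $3 already uses provider $1, raw or as .eli,
# for anything other than mount point $2 (for example as encrypted swap).
fstab_conflict() {
    [ -r "$3" ] || return 1
    awk -v p="$1" -v m="$2" '
        $1 ~ /^#/ { next }
        ($1 == p || $1 == p ".eli") && $2 != m { hit = 1 }
        END { exit hit ? 0 : 1 }' "$3"
}

# Print the command sequence, one command per line, or fail with a reason.
onetime_tmp_plan() {
    prov=$1 mnt=${2:-/tmp}
    case $prov in
        *.eli)  echo "pass the raw provider, not the .eli device" >&2; return 1 ;;
        /dev/*) ;;
        *)      echo "provider must be a /dev path" >&2; return 1 ;;
    esac
    if fstab_conflict "$prov" "$mnt" "${FSTAB:-/etc/fstab}"; then
        echo "$prov is already used elsewhere in fstab" >&2; return 1
    fi
    # Random key held only in kernel memory; no passphrase or key file exists.
    # No -d here: detach on last close would fire when newfs closes the device.
    echo "geli onetime -l 256 -s 4096 $prov"
    echo "newfs -U $prov.eli"
    echo "mount -o nosuid $prov.eli $mnt"
    echo "chmod 1777 $mnt"
}

# Dry run by default; set APPLY=1 (as root, on FreeBSD) to execute the plan.
onetime_tmp_apply() {
    plan=$(onetime_tmp_plan "$@") || return 1
    if [ "${APPLY:-0}" != 1 ]; then printf '%s\n' "$plan"; return 0; fi
    printf '%s\n' "$plan" | while IFS= read -r cmd; do $cmd || exit 1; done
}
# Usage: onetime_tmp_apply /dev/ada0p4 /tmp
```

Because the key is never stored, the contents of the provider are unrecoverable after a reboot or a `geli detach`, which is the property the message asks for.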