Date: Mon, 24 Jul 2000 19:40:09 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: Kris Kennaway <kris@FreeBSD.org> Cc: Adrian Chadd <adrian@FreeBSD.ORG>, Terje Elde <terje@elde.net>, Robert Watson <rwatson@FreeBSD.ORG>, Sheldon Hearn <sheldonh@uunet.co.za>, =?iso-8859-1?Q?Joachim_Str=F6mbergson?= <watchman@ludd.luth.se>, Greg Lewis <glewis@trc.adelaide.edu.au>, freebsd-security@FreeBSD.ORG Subject: Re: Status of FreeBSD security work? Audit, regression and crypto swap? Message-ID: <Pine.BSF.4.21.0007241937560.6271-100000@achilles.silby.com> In-Reply-To: <Pine.BSF.4.21.0007241608300.20680-100000@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 24 Jul 2000, Kris Kennaway wrote: > On Mon, 24 Jul 2000, Mike Silbersack wrote: > > > Encrypting at that low of a level wouldn't be very useful in the long > > run. For an encrypted filesystem to be truly useful, each user's files > > are encrypted with their own key. A partition-wide encryption doesn't > > protect anything if you get root hacked on your box. > > Except this breaks the Unix filesystem semantic that you can read other > people's files (if they have to provide their key manually and it is not > pre-available), which is probably necessary for system operation. Unless > all of the keys were available in the kernel without user intervention and > stored persistently (perhaps encrypted by a master key), which sort of > defeats the purpose unless you have somewhere "better" to store the key > table than on disk. > > Kris Sorry, I should've mentioned that the encryption would be on a per-file basis. For example, I'd encrypt ~silby/personal and leave everything else untouched. This is how TCFS/CFS works, if I understand correctly. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0007241937560.6271-100000>