Date: Tue, 25 Jul 2000 11:46:07 +0930 (CST) From: Greg Lewis <glewis@trc.adelaide.edu.au> To: Kris Kennaway <kris@FreeBSD.org> Cc: freebsd-security@FreeBSD.org Subject: Re: Status of FreeBSD security work? Audit, regression and crypto swap? Message-ID: <200007250216.LAA42182@ares.trc.adelaide.edu.au> In-Reply-To: <Pine.BSF.4.21.0007241608300.20680-100000@freefall.freebsd.org> from Kris Kennaway at "Jul 24, 2000 04:12:17 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Kris Kennaway wrote: > On Mon, 24 Jul 2000, Mike Silbersack wrote: > > > Encrypting at that low of a level wouldn't be very useful in the long > > run. For an encrypted filesystem to be truly useful, each user's files > > are encrypted with their own key. A partition-wide encryption doesn't > > protect anything if you get root hacked on your box. > > Except this breaks the Unix filesystem semantic that you can read other > people's files (if they have to provide their key manually and it is not > pre-available), which is probably necessary for system operation. Unless > all of the keys were available in the kernel without user intervention and > stored persistently (perhaps encrypted by a master key), which sort of > defeats the purpose unless you have somewhere "better" to store the key > table than on disk. TCFS can share files between members of a group starting with version 2.2. More details at http://tcfs.dia.unisa.it/group-sharing.html. -- Greg Lewis glewis@trc.adelaide.edu.au Computing Officer +61 8 8303 5083 Teletraffic Research Centre To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200007250216.LAA42182>