From owner-freebsd-questions@FreeBSD.ORG Tue Mar 7 06:54:36 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AD66F16A420 for ; Tue, 7 Mar 2006 06:54:36 +0000 (GMT) (envelope-from mv@roq.com) Received: from p4.roq.com (ns1.ecoms.com [207.44.130.137]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6965143D45 for ; Tue, 7 Mar 2006 06:54:36 +0000 (GMT) (envelope-from mv@roq.com) Received: from p4.roq.com (localhost.roq.com [127.0.0.1]) by p4.roq.com (Postfix) with ESMTP id 0F83F4CD73 for ; Tue, 7 Mar 2006 06:54:45 +0000 (GMT) Received: from [192.168.0.6] (ppp157-158.static.internode.on.net [150.101.157.158]) by p4.roq.com (Postfix) with ESMTP id 05B314CD52 for ; Tue, 7 Mar 2006 06:54:43 +0000 (GMT) Message-ID: <440D2E2A.1050900@roq.com> Date: Tue, 07 Mar 2006 17:54:34 +1100 From: Michael Vince User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.12) Gecko/20060213 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-questions@freebsd.org Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV using ClamSMTP Subject: Remote X via winXP and Xclient security X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Mar 2006 06:54:36 -0000 Hi All, I was wondering if any one had some ideas on my little problem / goal. I have been testing out using a X-cygwin and my X server in windows XP and FreeBSD / KDE as my X client via ssh, I really like this and was thinking of using it at work for many reasons I don't want to have to explain. My question is that since I can easily copy my home directory to a FreeBSD server and remote X into I have the problem where other people who have root access can easily read all the data in my home directory, does any one know of some kind of system where you can remote X into a machine and mount some kind of encrypted set of files in my home dir over the network? So they look like regular files to my on my X server in X-cygwin but aren't readable on the FreeBSD X client (what often would actually be considered the server to most people). The idea isn't to be ultra secure but just secure enough so that people who have root access on the FreeBSD X client machine can't conveniently spy my home dir. I do use GBDE filesystem encryption in a standalone file form so I can have portable backups but since they are mounted on the actual server it makes just as easy to view the mounted files. I haven't seen how far ACL and chflags can go, but considering a root user could su to another users privileged it couldn't be stopped. You could arguably look at it that I am looking for a 'ssh-agent' of encrypted file systems as in something that sits in memory and is willing to give me the information when I want it but still be that degree more difficult to get at from anyone else. Just like ssh-agent this is something between security and convenience. Regards, Mike