Re: Userland encrypted filesystem that root cannot access.

• Next message: Mr. James W. Laferriere: "Re: tmpfs"
• Previous message: Ralf Baechle: "Periodic RTC interrupt"
• In reply to: Joel Jaeggli: "Re: Userland encrypted filesystem that root cannot access."
• Next in thread: Mike A. Harris: "Re: Userland encrypted filesystem that root cannot access."
• Reply: Mike A. Harris: "Re: Userland encrypted filesystem that root cannot access."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

** On Feb 19, Joel Jaeggli scribbled:

> > > While mounted? No. Root has access to the entire machine and
> > Why not? Just never decrypt data on fs read. Feed the client with encrypted
> > data and leave it to them to decrypt it.
>
> root will still be able to do inconvenient things like truss the process
> thats dealing with the fs, snoop the tty that output is being fed to etc.
Yes, but none of this will result in the data being revealed, and that was
what MIke wanted to achieve:

encrypted_file(fs) -> read_encrypted_chunk
encrypted_chunk -> send_over_encrypted_link
remote_end -> receive_double_encrypted_data -> decode_the_transmission_data
encrypted_chunk_decode -> real_data

The data is out of reach of the local root.

marek

• application/pgp-signature attachment: stored

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Mr. James W. Laferriere: "Re: tmpfs"
• Previous message: Ralf Baechle: "Periodic RTC interrupt"
• In reply to: Joel Jaeggli: "Re: Userland encrypted filesystem that root cannot access."
• Next in thread: Mike A. Harris: "Re: Userland encrypted filesystem that root cannot access."
• Reply: Mike A. Harris: "Re: Userland encrypted filesystem that root cannot access."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Wed Feb 23 2000 - 21:00:24 EST