On Sat, 19 Feb 2000, Grendel wrote:
>> > > While mounted? No. Root has access to the entire machine and
>> > Why not? Just never decrypt data on fs read. Feed the client with encrypted
>> > data and leave it to them to decrypt it.
>>
>> root will still be able to do inconvenient things like truss the process
>> that's dealing with the fs, snoop the tty that output is being fed to etc.
>Yes, but none of this will result in the data being revealed, and that was
>what Mike wanted to achieve:
>
>encrypted_file(fs) -> read_encrypted_chunk
>encrypted_chunk -> send_over_encrypted_link
>remote_end -> receive_double_encrypted_data -> decode_the_transmission_data
>encrypted_chunk_decode -> real_data
>
>The data is out of reach of the local root.
True, but the problem is that no remote machine exists. This is
a workstation that is used locally, not via a network. That is a
good solution for the remote case however IMHO.
--
Mike A. Harris          Linux advocate
Computer Consultant     GNU advocate
Capslock Consulting     Open Source advocate

Join the FreeMWare project - the goal to produce a FREE program in which you can run Windows 95/98/NT, and other operating systems.