[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Crypto filesystems



> So when a cryptofilesystem is selected, it must be manageable as a single 
> binary large object.

They are. crypto happens as a kernel filter on a loopback device.
The loopback is connected to a file. So, to the disk (and everyone
else that can't "see" the mounted cryptofs) it looks like a file of
gibberish. Backed up like normal files. So, they're pretty secure
on the face of it.

However, when I (non-root) mount my cryptofs, it gets a bit weird.
I haven't looked to see if (a) others can see my cryptofs mount,
and (b) the ownership of the loopback device.

Passphrases are obtained from the terminal (or maybe console only)
during the mount process. Once that's done, it looks like any
mounted directory to me.

The aspect that I'm interested in is if I boot in SuSE, I have access
to my cryptofs. If I boot into any of the other distros, I don't.

What I'm thinking of doing is stuffing a symlink for ~/.ssh into my
cryptofs. Presto - protected .ssh info - even from root. Well, except
when my cryptofs is mounted.

For a better cryptofs, I'd expect something like an ssh-agent process
or some mechanism to limit the scope of the cryptofs to the process
that initiated the loopback mount. The problem becomes creating a bunch
of additional shells that need access to the cryptofs and not requiring
me to enter the bloody passphrase for each one. If I do that, there's
no difference to root performing an su to me after I've mounted my
cryptofs and presto - root has access to my data.

Mike808/

---------------------------------------------
http://www.valuenet.net



-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.