Date: Fri, 24 Mar 2006 17:48:11 +0300 From: Igor Robul <igorr@speechpro.com> To: freebsd-questions@freebsd.org Subject: Re: encrypted drives Message-ID: <20060324144811.GF26401@sysadm.stc> In-Reply-To: <4423B193.5080804@locolomo.org> References: <44210DFC.6000308@locolomo.org> <13d4d6bb0603220051x49fdb302v32bc501a81cb9a99@mail.gmail.com> <44211578.8050600@locolomo.org> <20060324083919.GE26401@sysadm.stc> <4423B193.5080804@locolomo.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Mar 24, 2006 at 09:45:07AM +0100, Erik Norgaard wrote: > It is not that file permissions doesn't work but having data that is not > yours unencrypted lowers the barrier for trespassing. Evil admins - even > if only temporarily evil - can access data they shouldn't. If you setup some automounting of encrypted user home directories, then there are two cases: 1) user must enter some additional password/key for encrypted device 2) user does not need additional password. In (2) case all user private keys are accessible by evil admin, so he can mount user's home directory. In (1) case "evil" admin can setup keylogger etc., to log all user input including passwords and still have access to user's files.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060324144811.GF26401>