Date: Fri, 25 Jun 1999 19:49:00 -0500 (CDT) From: Igor Roshchin <igor@physics.uiuc.edu> To: freebsd-security@freebsd.org Subject: Re: Secure Deletion Message-ID: <199906260049.TAA10675@alecto.physics.uiuc.edu> In-Reply-To: <Pine.LNX.4.05.9906261020200.25202-100000@zipper.zip.com.au> from "Nicholas Brawn" at "Jun 26, 1999 10:26:37 am"
next in thread | previous in thread | raw e-mail | index | archive | help
> On Fri, 25 Jun 1999, Robert Watson wrote: > > > > > > > On a related noted, Ross Anderson and others wrote a paper on > > steganographic file systems > > > > http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/sfs3.ps.gz > > > > That is, file systems intended to hide even the presence of files if the > > user is not authorized, cryptographically. Ross has suggested I port the > > linux code to FreeBSD while I'm at Cambridge for the next few weeks. > > Given the backlog of Posix.1e stuff, I may not get around to it, but it's > > an interesting concept. > > I pondered a similar idea a while back. However I was curious of how to > address a situation like the following: > > user 'a' creates "myfile" in /tmp. > user 'b' is perusing /tmp, and decides to create a file called "myfile". > > What is the response at this stage? Does the OS tell 'b' that their > permission is denied, resulting in a potential for bruteforcing the > existance of hidden files? Alternatively, you could allow 'b' to create > "myfile", and have a psuedo file system that is only makes files created > available to owners of the file, but allowing multiple occurences of > "myfile" to exist in the same logical file system. But then you'd have to > think about how you could make files available to others. > > Nick > Should not it be this way: if the user is not allowed "cryptographically" to see the directory (obviously, it would not be /tmp !), then, certainly that user should be prohibited from writing in it (as well, as any other type of access) by the same means. So, if I am not authorized to see the directory ~ncb/ , I should be able to write in it, and, most likely in any of its subdirectories. May be I am missing something ? Igor To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199906260049.TAA10675>