From owner-freebsd-security  Mon Jul 24 17:40:15 2000
Delivered-To: freebsd-security@freebsd.org
Received: from silby.com (cb34181-a.mdsn1.wi.home.com [24.14.173.39])
	by hub.freebsd.org (Postfix) with SMTP id 1E48337B590
	for <freebsd-security@FreeBSD.ORG>; Mon, 24 Jul 2000 17:40:10 -0700 (PDT)
	(envelope-from silby@silby.com)
Received: (qmail 6284 invoked by uid 1000); 25 Jul 2000 00:40:09 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 25 Jul 2000 00:40:09 -0000
Date: Mon, 24 Jul 2000 19:40:09 -0500 (CDT)
From: Mike Silbersack <silby@silby.com>
To: Kris Kennaway <kris@FreeBSD.org>
Cc: Adrian Chadd <adrian@FreeBSD.ORG>, Terje Elde <terje@elde.net>,
	Robert Watson <rwatson@FreeBSD.ORG>,
	Sheldon Hearn <sheldonh@uunet.co.za>,
	=?iso-8859-1?Q?Joachim_Str=F6mbergson?= <watchman@ludd.luth.se>,
	Greg Lewis <glewis@trc.adelaide.edu.au>, freebsd-security@FreeBSD.ORG
Subject: Re: Status of FreeBSD security work? Audit, regression and crypto
 swap?
In-Reply-To: <Pine.BSF.4.21.0007241608300.20680-100000@freefall.freebsd.org>
Message-ID: <Pine.BSF.4.21.0007241937560.6271-100000@achilles.silby.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


On Mon, 24 Jul 2000, Kris Kennaway wrote:

> On Mon, 24 Jul 2000, Mike Silbersack wrote:
> 
> > Encrypting at that low of a level wouldn't be very useful in the long
> > run.  For an encrypted filesystem to be truly useful, each user's files
> > are encrypted with their own key.  A partition-wide encryption doesn't
> > protect anything if you get root hacked on your box.
> 
> Except this breaks the Unix filesystem semantic that you can read other
> people's files (if they have to provide their key manually and it is not
> pre-available), which is probably necessary for system operation. Unless
> all of the keys were available in the kernel without user intervention and
> stored persistently (perhaps encrypted by a master key), which sort of
> defeats the purpose unless you have somewhere "better" to store the key
> table than on disk.
> 
> Kris

Sorry, I should've mentioned that the encryption would be on a per-file
basis.  For example, I'd encrypt ~silby/personal and leave everything else
untouched.  This is how TCFS/CFS works, if I understand correctly.

Mike "Silby" Silbersack



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message