From owner-freebsd-security  Mon Jul 24 23: 6:57 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ywing.creative.net.au (ywing.creative.net.au [203.56.168.34])
	by hub.freebsd.org (Postfix) with ESMTP
	id A5B4D37B989; Mon, 24 Jul 2000 23:06:47 -0700 (PDT)
	(envelope-from adrian@ywing.creative.net.au)
Received: (from adrian@localhost)
	by ywing.creative.net.au (8.9.3/8.9.3) id IAA65973;
	Tue, 25 Jul 2000 08:14:24 +0200 (CEST)
	(envelope-from adrian)
Date: Tue, 25 Jul 2000 08:14:23 +0200
From: Adrian Chadd <adrian@FreeBSD.org>
To: Mike Silbersack <silby@silby.com>
Cc: Kris Kennaway <kris@FreeBSD.org>,
	Adrian Chadd <adrian@FreeBSD.org>, Terje Elde <terje@elde.net>,
	Robert Watson <rwatson@FreeBSD.org>,
	Sheldon Hearn <sheldonh@uunet.co.za>,
	=?iso-8859-1?Q?Joachim_Str=F6mbergson?= <watchman@ludd.luth.se>,
	Greg Lewis <glewis@trc.adelaide.edu.au>, freebsd-security@FreeBSD.org
Subject: Re: Status of FreeBSD security work? Audit, regression and crypto swap?
Message-ID: <20000725081423.Q62551@ywing.creative.net.au>
References: <Pine.BSF.4.21.0007241608300.20680-100000@freefall.freebsd.org> <Pine.BSF.4.21.0007241937560.6271-100000@achilles.silby.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <Pine.BSF.4.21.0007241937560.6271-100000@achilles.silby.com>; from silby@silby.com on Mon, Jul 24, 2000 at 07:40:09PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, Jul 24, 2000, Mike Silbersack wrote:
> 
> On Mon, 24 Jul 2000, Kris Kennaway wrote:
> 
> > On Mon, 24 Jul 2000, Mike Silbersack wrote:
> > 
> > > Encrypting at that low of a level wouldn't be very useful in the long
> > > run.  For an encrypted filesystem to be truly useful, each user's files
> > > are encrypted with their own key.  A partition-wide encryption doesn't
> > > protect anything if you get root hacked on your box.
> > 
> > Except this breaks the Unix filesystem semantic that you can read other
> > people's files (if they have to provide their key manually and it is not
> > pre-available), which is probably necessary for system operation. Unless
> > all of the keys were available in the kernel without user intervention and
> > stored persistently (perhaps encrypted by a master key), which sort of
> > defeats the purpose unless you have somewhere "better" to store the key
> > table than on disk.
> > 
> > Kris
> 
> Sorry, I should've mentioned that the encryption would be on a per-file
> basis.  For example, I'd encrypt ~silby/personal and leave everything else
> untouched.  This is how TCFS/CFS works, if I understand correctly.

Ok. Someone is going to have to make stacking layers finally work. ;-)


Adrian

-- 
Adrian Chadd			Now 17-year-olds can't play a _video game_
<adrian@FreeBSD.org>		because its called violent -
				and real violence is still called dinner.
					-- jamie@mccarthy.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message