Re: Userland encrypted filesystem that root cannot access.

Marc Mutz (Marc@Mutz.com)
Fri, 18 Feb 2000 19:15:21 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jeremy Beker: "Hang during boot in 2.3.46 and 2.2.14 caused by ide_timer_expiry"
Previous message: jason: "Re: ide-scsi with more than 1 cdrom"
Maybe in reply to: Mike A. Harris: "Userland encrypted filesystem that root cannot access."
Next in thread: H. Peter Anvin: "Re: Userland encrypted filesystem that root cannot access."

"Mike A. Harris" wrote:
>
> Are there any patches for the kernel, or userland solutions which
> allow a user to mount an encrypted filesystem (perhaps through
> loopback) which while mounted, root cannot read? Or is this
> concept beyond Linux currently?
>
> I'm thinking of the case where the superuser can admin the
> machine but due to confidentiality, the data must not be readable
> by root under any circumstance. Possible?
>
<snip>

I think it is impossible. In Linux Root==God (someone must have the
ultimate power as anyone can fail and someone must be there to fix
things up). Anything a given user can do, root can do it, too.

Maybe there is an application that can prohibit root's access to your
data while you are working with it (like pgp), but then: Root can still
listen to /dev/tty*, no?

Marc

-- Marc Mutz <Marc@Mutz.com> http://marc.mutz.com/Encryption-HOWTO/ University of Bielefeld, Dep. of Mathematics / Dep. of Physics

PGP-keyID's: 0xd46ce9ab (RSA), 0x7ae55b9e (DSS/DH)

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Jeremy Beker: "Hang during boot in 2.3.46 and 2.2.14 caused by ide_timer_expiry"
Previous message: jason: "Re: ide-scsi with more than 1 cdrom"
Maybe in reply to: Mike A. Harris: "Userland encrypted filesystem that root cannot access."
Next in thread: H. Peter Anvin: "Re: Userland encrypted filesystem that root cannot access."