Re: Userland encrypted filesystem that root cannot access.

Peter T. Breuer (ptb@it.uc3m.es)
Sat, 19 Feb 2000 11:14:18 +0100 (MET)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Petru Paler: "Re: [2.3.47pre3] alt-sysrq works in 2.2.14, but not in 2.3.44+"
Previous message: Russell King: "Re: IP autoconfig doesn't work in 2.3.46"

"A month of sundays ago Mike A. Harris wrote:"
> On Fri, 18 Feb 2000, Alexander Viro wrote:
>
> >> Are there any patches for the kernel, or userland solutions which
> >> allow a user to mount an encrypted filesystem (perhaps through
> >> loopback) which while mounted, root cannot read? Or is this

> >Don't be silly. Hint: su lusername. God, root - what's the difference?
>
> Hehe. Well, yes... That is what I assumed - that it is
> currently NOT possible. It is something that SHOULD be possible

It is possible to make it a bit of a snooping effort. For example,
encrypt individual files FYEO with a public key, then require a
viewer application with which to read them. The viewer needs the
private key. Root has to snoop the session to find it.

Do it remotely and you're OK. I.e. encrypt a file (in which there
is a file system) and export it by NBD to a viewing machine, which
mounts the decrypted system. This is 100% secure. I think I can do
that ..

Peter

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Petru Paler: "Re: [2.3.47pre3] alt-sysrq works in 2.2.14, but not in 2.3.44+"
Previous message: Russell King: "Re: IP autoconfig doesn't work in 2.3.46"