** On Feb 19, Horst von Brand scribbled:
> "Mike A. Harris" <mharris@meteng.on.ca> said:
> > Are there any patches for the kernel, or userland solutions which
> > allow a user to mount an encrypted filesystem (perhaps through
> > loopback) which while mounted, root cannot read? Or is this
> > concept beyond Linux currently?
>
> > I'm thinking of the case where the superuser can admin the
> > machine but due to confidentiality, the data must not be readable
> > by root under any circumstance. Possible?
>
> A determined root will be able to snoop on your password and stash the
> contents of your encrypted media away for leisurely study. Not easy to do,
> but not terribly hard either.
If the data is sent encrypted to the remote client using ssh transmission,
then even if root snoops the ssh encryption key, he won't be able to
actually read the data - the data will be encrypted on the client's machine.
marek