|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Status of FreeBSD security work? Audit, regression and crypto swap?
From: Kris Kennaway (kris
FreeBSD.org)Date: Mon Jul 24 2000 - 18:12:17 CDT
- Next message: Cyrille Lefevre: "Re: What does this mean and how do I stop it ?"
- Previous message: Rodney W. Grimes: "Re: Problems with natd and simple firewall"
- In reply to: Mike Silbersack: "Re: Status of FreeBSD security work? Audit, regression and crypto swap?"
- Next in thread: Mike Silbersack: "Re: Status of FreeBSD security work? Audit, regression and crypto swap?"
- Next in thread: Thomas R. Stromberg: "Re: Status of FreeBSD security work? Audit, regression and crypto swap?"
- Reply: Kris Kennaway: "Re: Status of FreeBSD security work? Audit, regression and crypto swap?"
- Reply: Mike Silbersack: "Re: Status of FreeBSD security work? Audit, regression and crypto swap?"
- Reply: Greg Lewis: "Re: Status of FreeBSD security work? Audit, regression and crypto swap?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, 24 Jul 2000, Mike Silbersack wrote:
> Encrypting at that low of a level wouldn't be very useful in the long
> run. For an encrypted filesystem to be truly useful, each user's files
> are encrypted with their own key. A partition-wide encryption doesn't
> protect anything if you get root hacked on your box.
Except this breaks the Unix filesystem semantic that you can read other
people's files (if they have to provide their key manually and it is not
pre-available), which is probably necessary for system operation. Unless
all of the keys were available in the kernel without user intervention and
stored persistently (perhaps encrypted by a master key), which sort of
defeats the purpose unless you have somewhere "better" to store the key
table than on disk.
Kris
--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythealum.mit.edu>
To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Next message: Cyrille Lefevre: "Re: What does this mean and how do I stop it ?"
- Previous message: Rodney W. Grimes: "Re: Problems with natd and simple firewall"
- In reply to: Mike Silbersack: "Re: Status of FreeBSD security work? Audit, regression and crypto swap?"
- Next in thread: Mike Silbersack: "Re: Status of FreeBSD security work? Audit, regression and crypto swap?"
- Next in thread: Thomas R. Stromberg: "Re: Status of FreeBSD security work? Audit, regression and crypto swap?"
- Reply: Kris Kennaway: "Re: Status of FreeBSD security work? Audit, regression and crypto swap?"
- Reply: Mike Silbersack: "Re: Status of FreeBSD security work? Audit, regression and crypto swap?"
- Reply: Greg Lewis: "Re: Status of FreeBSD security work? Audit, regression and crypto swap?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]