** On Feb 19, Joel Jaeggli scribbled:
> > > While mounted? No. Root has access to the entire machine and
> > Why not? Just never decrypt data on fs read. Feed the client with encrypted
> > data and leave it to them to decrypt it.
>
> root will still be able to do inconvenient things like truss the process
> thats dealing with the fs, snoop the tty that output is being fed to etc.
Yes, but none of this will result in the data being revealed, and that was
what MIke wanted to achieve:
encrypted_file(fs) -> read_encrypted_chunk
encrypted_chunk -> send_over_encrypted_link
remote_end -> receive_double_encrypted_data -> decode_the_transmission_data
encrypted_chunk_decode -> real_data
The data is out of reach of the local root.
marek
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Feb 19 2000 - 17:27:31 EST