Re: Mutt & tmp files -- Root is not my Enemy



Florian Bantner [f.bantner@axon-e.de] wrote:
> 
> I don't know tmpfs. What I'm currently thinking about is:
> * Create for every user a directory under his home.
> * Use some kind of ram-disk device.
> * Perhaps (just to be sure) encrypt it. Perhaps that's where I need
>   some kind of encrypting filesystem (do I?). I'm not experienced in
>   fs encryption. How do I mount such devices. Which encryption is
>   used? When to enter passphrase?
> 
this is all well and good however the encrypted/whatever filesystem is
*mounted*.  This means that the file is just stored in a *filing system* and
not some magical place where only the user can go.  Remember if the user can
read the file that means root also can.  Regardless of what filesystem you
are using.  When it's an encrypted filing system that's been mounted there is
no longer a need to know the key code unless it's umounted and needs to then
be mounted.

sorry to 'piss on yer fire' but it ain't going to happen :)  An alternative
is to try and find a nano/mutt hybrid that doesn't use temp files.  You may
be able to pipe via stdin/outs as a quick patch.  Remember if the data is on
a filing system and currently readable by the system administrator then the
data is insecure.

However with all these concerns about the root guy/gal, are they
untrustworthy or just a plain BOFH?  If this is the case it is likely to be
worth considering finding a friend with 24/7 access and putting an old 486
box online for you to ssh into.

having just read more of the thread, I notice root is not the problem.  Then
to have an encrypted filing system will solve your immediate problem.  I
currently have all my mutt/gpg/passwords/personal stuff on a 10Mb
cryptographic filing system.  This solves my problem of the tmp files however
I am the root guy of my own laptop and I can trust myself :)  However a lot
of countries (uk/us and probably others, lots in the eu I would imagine) have
encryption laws, not preventing it but permitting them to throw you in jail
unless you hand over your encryption codes.  If you don't you get a nice big
fine and 6 months->2 years in jail (in the uk at least).  Steganography is
probably a better option to avoid this 'problem'

if you want any details on the kerneli crypto patches then do ask.  I have
learned lots through the hard way of doing things, and now the data
corruption is no longer a problem ;)

Alex

-- 
 _________________________________________ 
( BOFH excuse #145:                       )
(                                         )
( Flat tire on station wagon with tapes.  )
( ("Never underestimate the bandwidth of  )
( a station wagon full of tapes hurling   )
( down the highway" Andrew S. Tanenbaum)  )
 ----------------------------------------- 
        o   ^__^
         o  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||
