
Re: Mutt & tmp files -- Root is not my Enemy



On Tue, Nov 20, 2001 at 02:47:56PM +0100, Florian Bantner wrote:
> On Die, 20 Nov 2001, Rolf Kutz wrote:
> > Florian Bantner (f.bantner@axon-e.de) wrote:
> > > A fact about which I'm concerned
> > > even more than about a hack from outside via the internet etc. is
> > > real physical access to the box. Something hackers normally don't pay
> > > enough attention is that just somebody steps - let's say 6 o'clock
> > > in the morning - into your room, shows you his police card - or what ever
> > > governmental id card - and tells you that your computer is now his.
> > Use TMPFS. Encrypt your disk or do everything in
> > RAM (maybe set up a diskless system booting from
> > cd. See the bootcd-package). They might still be
> > bugging your hardware.
> I don't know tmpfs. What I'm currently thinking about is:
> * Create for every user a directory under his home.
> * Use some kind of ram-disk device.
> * Perhaps (just to be sure) encrypt it. Perhaps that's where I need
>   some kind of encrypting filesystem (do I?). I'm not experienced in
>   fs encryption. How do I mount such devices? Which encryption is
>   used? When to enter passphrase?

    Several years ago Matt Blaze published a bit of code that mounted
    encrypted files via the loop interface as home directories. It was
    fairly resource intensive, and hence not really scalable. It is
    good for protecting against casual browsing, but while you're logged
    in to the machine (and hence have your home dir mounted) then it's
    just like a normal home directory. 

    Found it
    http://www.ibiblio.org/pub/Linux/docs/faqs/security/Cryptographic-File-System

    Seems I mis-remember bits of it. 

 

-- 
Share and Enjoy. 


