
RE: Mutt & tmp files -- Root is not my Enemy



There is also this How-To:

http://www.linux.org/docs/ldp/howto/Loopback-Encrypted-Filesystem-HOWTO.html

I've been thinking that a 100 or 500MB encrypted loop device per user,
mounted as a subdirectory under the individual user's home, would be
effective. It doesn't encrypt the entirety of the disk, nor all of the
home directory, but could be (for instance) the KDE or GNOME "Desktop"
folder, and anything there would be hidden from prying eyes.

The same caveats, "when you're logged in it's wide open" and "it's only
as good as your passphrase" apply.

Thoughts?

Curt-

-----Original Message-----
From: Petro [mailto:petro@auctionwatch.com]
Sent: Wednesday, November 21, 2001 04:51
To: Florian Bantner
Cc: debian-security@lists.debian.org
Subject: Re: Mutt & tmp files -- Root is not my Enemy


On Tue, Nov 20, 2001 at 02:47:56PM +0100, Florian Bantner wrote:
> On Die, 20 Nov 2001, Rolf Kutz wrote:
> > Florian Bantner (f.bantner@axon-e.de) wrote:
> > > A fact about which I'm concerned
> > > even more than about a hack from outside via the internet etc. is
> > > real physical access to the box. Something hackers normally don't pay
> > > enough attention to is that just somebody steps - let's say 6 o'clock
> > > in the morning - into your room, shows you his police card - or whatever
> > > governmental id card - and tells you that your computer is now his.
> > Use TMPFS. Encrypt your disk or do everything in
> > RAM (maybe set up a diskless system booting from
> > cd. See the bootcd-package). They might still be
> > bugging your hardware.
> I don't know tmpfs. What I'm currently thinking about is:
> * Create for every user a directory under his home.
> * Use some kind of ram-disk device.
> * Perhaps (just to be sure) encrypt it. Perhaps that's where I need
>   some kind of encrypting filesystem (do I?). I'm not experienced in
>   fs encryption. How do I mount such devices. Which encryption is
>   used? When to enter passphrase?

    Several years ago Matt Blaze published a bit of code that mounted
    encrypted files via the loop interface as home directories. It was
    fairly resource intensive, and hence not really scalable. It is
    good for protecting against casual browsing, but while you're logged
    in to the machine (and hence have your home dir mounted) then it's
    just like a normal home directory. 

    Found it
 
http://www.ibiblio.org/pub/Linux/docs/faqs/security/Cryptographic-File-System

    Seems I mis-remember bits of it. 

 

-- 
Share and Enjoy. 

