Re: Encrypt file while you are using it
On Tuesday 25 November 2008 16:53, Rolf Kutz <rk@vzsze.de> wrote:
> >Whenever you are able to read a file, it has to exist in unencrypted
> >form. Let's say you have an editor or viewer that has built-in
> >decryption. It will read the encrypted file, and decrypt it. To be able
> >to work on it, the program has to keep the decrypted form. It also
> >has to send it to some device for you to be able to work on it. The
> >decrypted form will be readable from /dev/mem or /proc/<pid>/mem by
> >the superuser and (procfs only) your user. It will also be possible
> >for at least the superuser to intercept what is going to the device.
> >There is nothing you can do to prevent these kinds of attacks.
>
> You could use SELinux to prevent these kinds of
> attacks.
http://etbe.coker.com.au/2008/11/25/se-linux-and-decrypted-data/
SE Linux can improve things, but it doesn't entirely solve the general problem
presented here. I have addressed this issue with the above blog post.
--
russell@coker.com.au
http://etbe.coker.com.au/ My Main Blog
http://doc.coker.com.au/ My Documents Blog