-SPM-Mad n00b
Joined: 25 Dec 2007 Posts: 57
|
Posted: Sat Jun 20, 2009 8:37 pm Post subject: Encrypting my files, without opening them to root?
Hello everyone,
I am one of two admins on a machine, i.e. with root privileges. As my normal user I want to encrypt and hide my files not only from other users, but from root!
Of course as root, one could always attach a debugger, scan the memory or sniff anything (any key) the user enters. There is no chance to prevent this, I know. But this also implies that the root user actively tries to hack the encryption!
In contrast, an encrypted loopback device that I mount as my user is something root can simply access, without hacking the memory!
Any encryption I know of (encrypted loopback devices or FUSE-based file encryption) implies that I have to mount the encrypted data somewhere after authenticating and only protect it by the basic file-permission possibilities of Linux, which do not apply to the root user.
What I want would be an encryption that gives transparent access to the filesystem, encrypting on the fly only for a certain user / certain processes.
Is something remotely similar possible?
One technical approach I could imagine is a virtual filesystem that transparently encrypts and decrypts together with a 'sandbox-like' application. I run my programs in this sandbox and they write to the virtual filesystem instead of the real one, but I do not know of any solution like this.
Hopefully my explanation is understandable.
Hu Administrator
Joined: 06 Mar 2007 Posts: 23066
|
Posted: Sun Jun 21, 2009 4:29 pm
You may be able to do this with SELinux or GRsecurity. In general, this is considered not to be a worthwhile exercise, and it would be both simpler and more reliable to solve this through social means. Ask the other administrator to stay out of your files.
-SPM-Mad n00b
Joined: 25 Dec 2007 Posts: 57
|
Posted: Tue Jun 23, 2009 9:23 pm
I see the problem with my own suggestion. Even when virtualizing the processes, the other user could still just use 'su' and then start any process to browse my files.
Oh well, I assume I need to trust him then. Thanks anyway for the hints about SELinux and GRsecurity... the topic is interesting enough to read more about it =)
timeBandit Bodhisattva
Joined: 31 Dec 2004 Posts: 2719 Location: here, there or in transit
|
Posted: Tue Jun 23, 2009 10:05 pm
Even if you trust the other guy, accidental exposure of decrypted files is always a possibility. Even superusers make mistakes. Also, should the trusted relationship ever erode, you might not realize it until your secrets are public. Finally, as you know there is no perfect defense against a root user with sufficient interest, skill and determination.
Anything too sensitive for other administrators to see does not belong on the machine. Move it somewhere else.
_________________
Plants are pithy, brooks tend to babble--I'm content to lie between them.
Super-short f.g.o checklist: Search first, strip comments, mark solved, help others.