Alex Sudakar wrote:

> It seems evident, though, that on a shared system, with multiple
> people logged in as root on the same machine, any of those
> root users will be able to snoop around and read as cleartext
> the files I might have on a 'private' filesystem, even if it's mounted
> via loop-aes, as the filesystem will be mounted at the time, and
> thus visible/decrypted for all.

I find that "umount -l" gives a little added privacy. The "lazy" umount erases the mountpoint from the global namespace, effectively erasing it from the radar of any process that hasn't anything "open" inside that particular mountpoint.

So. You mount your filesystem. Start an xterm/konsole/<whatever> and cd into the mountpoint. Then umount -l the mountpoint. And voila, no other process can even see that mountpoint.

I don't know how secure that is, I guess root may have some way to get to the data. But I don't think there is any easy and/or obvious way to do that.

See you

--
Real Programmers consider "what you see is what you get" to be just as bad a concept in Text Editors as it is in women. No, the Real Programmer wants a "you asked for it, you got it" text editor -- complicated, cryptic, powerful, unforgiving, dangerous.

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
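The property the post relies on, that the mountpoint leaves the namespace's mount table after `umount -l`, can be checked from a second shell. This is an added example and not part of the original post; the function names, the `/mnt/private` path and the sample tables are assumptions constructed for illustration, and the check covers mount-table visibility only.

```sh
#!/bin/sh
# Added example, not from the original post.

# mountinfo writes backslash, space and tab inside paths as \134, \040
# and \011. Escape the path we look for the same way so the match is exact.
# (A newline in the path, written \012, is not handled here.)
escape_mountinfo_path() {
    tab=$(printf '\t')
    printf '%s' "$1" |
        sed -e 's/\\/\\134/g' -e 's/ /\\040/g' -e "s/$tab/\\\\011/g"
}

# mount_listed MOUNTPOINT [TABLE]
# Exit status 0 if MOUNTPOINT is field 5 (the mount point) of some line in
# TABLE, 1 otherwise. TABLE defaults to the caller's own mount namespace.
mount_listed() {
    WANT=$(escape_mountinfo_path "$1") \
        awk '$5 == ENVIRON["WANT"] { found = 1 } END { exit !found }' \
        "${2:-/proc/self/mountinfo}"
}

# Constructed mount tables: the same namespace before and after
# "umount -l /mnt/private". Device names and paths are made up.
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
cat > "$SAMPLES/before" <<'EOF'
22 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
41 22 7:0 / /mnt/private rw,relatime - ext3 /dev/loop0 rw
42 22 7:1 / /mnt/my\040vault rw,relatime - ext3 /dev/loop1 rw
EOF
grep -v ' /mnt/private ' "$SAMPLES/before" > "$SAMPLES/after"

for t in before after; do
    if mount_listed /mnt/private "$SAMPLES/$t"; then
        echo "$t: /mnt/private is listed"
    else
        echo "$t: /mnt/private is not listed"
    fi
done
```

On a live system, call `mount_listed /mnt/private` with no second argument before and after the lazy unmount to read the current namespace's table.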