Re: Mounting an encrypted volume presents the volume to all users on a machine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/25/2010 04:40 PM, nodata wrote:

>> Wouldn't they be restricted based on the contents of the encrypted volume?
>
> Yes. Once the volume is mounted it will be treated with normal UNIX
> permissions. So you would have to create a sub-directory on the volume
> where the permissions were strict and create files under that.
>
> My point is that if the disk is encrypted, and the user knows the
> passphrase to access files on the device, then it doesn't make sense to
> let everyone else see what's on the device as well: it only make sense
> to decrypt the device to the user who knows the passphrase.
>
> There's an argument that other people will want to see what's on the
> device too. That's fine: the user can opt-in to that. But secure by
> default should be what we're aiming at.

I encrypt /home... So for my use case it doesn't make much sense. I 
guess I can see the case where you have some random storage that is 
encrypted, however I'm not sure how common this is, and file permissions 
keeps them at bay once mounted anyway. I guess if they could get root, 
once you decrypt they have access, but if they have root... you've got 
other problems.

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux