Re: Mounting an encrypted volume presents the volume to all users on a machine

On 10/26/2010 09:44 AM, Matthew Garrett wrote:
> On Tue, Oct 26, 2010 at 12:28:55AM +0200, nodata wrote:
>
>> What I am concerned about is that the volume is mounted for _every_ user
>> on the system to see.
> Only if the permissions are set that way. chmod 0750 /whatever and it
> won't be.
>

I think that the concern is correct and valid - using encrypted block devices 
with a mount time password is quite "weak" for system security in general, it is 
just the easiest way to provide basic crypto. Much better suited for laptops 
than servers where any root user would be able to peruse the mounted volume's 
contents.

There are a host of other ways to do this though - ecryptfs (as Eric Sandeen 
mentioned) does finer grained crypto (even though we are not huge fans of 
its design) and you can certainly encrypt files individually.

Ric
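
An added example, not part of the original message: a check for the mount point permissions discussed in this thread, listing mounted `/dev/mapper/*` volumes whose root directory still has "other" permission bits set. The helper name `audit_mounts` is hypothetical, the `/dev/mapper/` prefix is an assumed heuristic for dm-crypt volumes, and, as the reply above notes, restrictive mode bits do not keep root out.

```shell
#!/bin/sh
# Added example (not from the thread). audit_mounts is a hypothetical helper.
# Assumption: a device under /dev/mapper/ is treated as a dm-crypt volume;
# LVM volumes live there too, so treat the output as a list to review.
# Requires GNU stat (stat -c), as shipped on Fedora.

# audit_mounts [MOUNTS_FILE]
# Reads lines in /proc/mounts format and prints, for each /dev/mapper mount:
#   EXPOSED <mountpoint> <mode>   "other" permission bits are set on the root
#   OK <mountpoint> <mode>        only owner and group (and root) can enter
audit_mounts() {
    mounts_file=${1:-/proc/mounts}
    while read -r dev mnt _rest; do
        case $dev in
            /dev/mapper/*) ;;
            *) continue ;;
        esac
        # /proc/mounts escapes spaces in paths as \040; decode before stat.
        mnt=$(printf '%b' "$mnt")
        # Once the volume is mounted, this is the mode of the volume's own
        # root directory, which is what chmod 0750 on the mount point sets.
        mode=$(stat -c %a "$mnt" 2>/dev/null) || continue
        other=${mode#"${mode%?}"}      # last octal digit = "other" bits
        if [ "$other" -ne 0 ]; then
            printf 'EXPOSED %s %s\n' "$mnt" "$mode"
        else
            printf 'OK %s %s\n' "$mnt" "$mode"
        fi
    done < "$mounts_file"
}

# Usage on a live system: audit_mounts
# Usage on a saved copy:  audit_mounts ./mounts.txt
```
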
