Re: Mounting an encrypted volume presents the volume to all users on a machine

On 10/25/2010 06:40 PM, nodata wrote:
> On 26/10/10 00:31, Nathanael D. Noblet wrote:
>> On 10/25/2010 04:28 PM, nodata wrote:
>>> Hi,
>>>
>>> I'm concerned about the default behaviour of mounting encrypted volumes.
>>>
>>> The default behaviour is that a user must know and supply a passphrase
>>> in order to mount an encrypted volume. This is good: know the
>>> passphrase, you get to mount the volume.
>>>
>>> What I am concerned about is that the volume is mounted for _every_ user
>>> on the system to see.
>>>

The security role and rationale for the filesystem encryption is to 
prevent the access to lost or stolen media, when you can't rely on the 
mechanisms existent within the OS. The underlying device encryption 
technology is not set up to keep track of who is accessing the data 
after it is decrypted and made available to the system, as you correctly 
point out.

Such user-differentiated authorization is provided by the filesystem 
access rights, ACLs and SELinux attributes. Note that unlike the first 
two mechanisms, SELinux can protect the data even for systems with 
compromised root---as someone said, SELinux can be configured so that
you can tell people "here's the root password; now break into my computer".

What you are asking for improves security by adding additional depth, 
but it requires a fairly intensive redesign and reimplementation of the 
device encryption, so it befalls you to provide a good analysis and 
justification of the tradeoffs.
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
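
The filesystem access rights mentioned in the reply above, as an added example that is not part of the original message: a shell check of who besides the owner can enter the top directory of an unlocked volume, and a lock-down to the owner. It assumes GNU coreutils `stat` and covers permission bits only, not ACLs or SELinux; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit and restrict access to the top directory of a
# decrypted, mounted volume using ordinary permission bits.
# Assumes GNU coreutils stat. exposure and lock_down are hypothetical names.

# Print who besides the owner may enter the directory:
# "owner-only", "group", "others" or "group+others".
exposure() {
    mode=$(stat -c '%a' "$1") || return 2
    # The last two octal digits are the group and other permission sets.
    other=$((mode % 10))
    group=$((mode / 10 % 10))
    # Entering a directory needs the search (execute) bit, value 1.
    g=$((group & 1))
    o=$((other & 1))
    if [ "$g" -ne 0 ] && [ "$o" -ne 0 ]; then
        echo "group+others"
    elif [ "$o" -ne 0 ]; then
        echo "others"
    elif [ "$g" -ne 0 ]; then
        echo "group"
    else
        echo "owner-only"
    fi
}

# Restrict the directory to its owner, then confirm the result.
lock_down() {
    chmod 0700 "$1" || return 1
    [ "$(exposure "$1")" = "owner-only" ]
}

# Report on a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    exposure "$1"
fi
```

Run it after mounting: the mode of a mounted directory is that of the volume's root inode, so on a POSIX filesystem such as ext4 the setting stays with the volume.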

