Anand, Am 14.02.2017 um 13:50 schrieb Anand Jain: > > Hi Richard, > > >>> As of now root[1] can access the plain-text when the data is cached >>> by the user-with-the-key and, root gets error no-key when data is >>> not cached by the user-with-the-key. I think this behavior is a >>> bug if not, wrong design, or looks like I am missing something. >>> >>> [1] for that matter any user who has read access to the files but >>> does not have the keys. >> >> Well, as soon the key is loaded plaintext of pages and filenames will be >> stored in page- and dcache and any users that can access the files will >> see the plaintext. >> >> If you want to keep /secret really secret you have to apply correct DAC/MAC >> permissions as well. >> Or put /secret into a private mount namespace. > > Right. Keeping the secret really secret wasn't the point I was trying to make instead, irrespective of whether the plain-text is cached or not-cached by the key-user, the behavior > for the no-key-user access has to be constant. More about it is in the email above. Hmmm, your fear is that a backup tool will sometimes store the unencrypted file and sometimes not? I'd argue that such a tool should either have the key or no search access to /secret. Thanks, //richard
