On Tue, Feb 14, 2017 at 10:50:23AM -0500, Theodore Ts'o wrote: > It also isn't complete, since someone could infer whether or not a > file exists, unless we also completely spike out the dcache, which > would be an even worse performance disaster. > > So the current model is that if you want to protect file, the Unix > permissions do have to be set correctly, and root can read everything. > The presense or absense of keys is *not* currently intended to be an > access control mechanism. Not that root couldn't simply take over any process of the user in question and ptrace its way into issuing arbitrary syscalls...
