On Fri, Jan 14, 2011 at 12:25:16AM +0530, Umer Q wrote: > >Copy the data from where to where by whom? > > > > You need to be a whole lot more more specific here. > > for eg:- a pen drive is plugged in , my background process will copy > the file he opens to another folder without his knowledge. so later i > can see what he had inside the file . What makes you think the data is buffered on disk? And even if it was (it's not) why would you have more permissions to that buffer than to the mounted pen drive? And if the data on the drive is not encrypted, why does it matter that this theoretical buffer isn't encrypted. Encrypting that buffer wouldn't help you if the FS on the pen drive isn't encrypted. As Greg pointed out, there are encrypted filesystems (several) for Linux that encrypt the files on disk and no plaintext buffer is ever written to another FS. Depending on the implementation of those crypted FSs, it's probably possible, as root, to grab kernel memory snapshots at the right time and see small bits of unencrypted data... but then again, if you have root and access to the kernel, you can pretty much do what you want anyway. -- Phil Dibowitz phil@xxxxxxxx Open Source software and tech docs Insanity Palace of Metallica http://www.phildev.net/ http://www.ipom.com/ "Be who you are and say what you feel, because those who mind don't matter and those who matter don't mind." - Dr. Seuss
Attachment:
signature.asc
Description: Digital signature