"A month of sundays ago Mike A. Harris wrote:"
> On Fri, 18 Feb 2000, Alexander Viro wrote:
>
> >> Are there any patches for the kernel, or userland solutions which
> >> allow a user to mount an encrypted filesystem (perhaps through
> >> loopback) which while mounted, root cannot read? Or is this
> >Don't be silly. Hint: su lusername. God, root - what's the difference?
>
> Hehe. Well, yes... That is what I assumed - that it is
> currently NOT possible. It is something that SHOULD be possible
It is possible to make it a bit of a snooping effort. For example,
encrypt individual files FYEO with a public key, then require a
viewer application with which to read them. The viewer needs the
private key. Root has to snoop the session to find it.
Do it remotely and you're OK. I.e. encrypt a file (in which there
is a file system) and export it by NBD to a viewing machine, which
mounts the decrypted system. This is 100% secure. I think I can do
that ..
Peter
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Feb 23 2000 - 21:00:23 EST