Re: Userland encrypted filesystem that root cannot access.

From: Grendel (grendel@vip.net.pl)
Date: Sat Feb 19 2000 - 16:15:52 EST


** On Feb 19, Mike scribbled:

> >> I'm thinking of the case where the superuser can admin the
> >> machine but due to confidentiality, the data must not be readable
> >> by root under any circumstance. Possible?
> >
> >Don't be silly. Hint: su lusername. God, root - what's the difference?
>
> Hehe. Well, yes... That is what I assumed - that it is
> currently NOT possible. It is something that SHOULD be possible
> sometime in the future though. There are systems out there, in
> which for military reasons, or perhaps other top secret reasons
[snip]
Mike, frankly I don't understand your concern :)) - want to protect the
encrypted from anyone, including root? Make a driver that understands the fs
structure, sends the client read data, but doesn't decrypt it - this task
belongs to the client. You protect the client with the password - root can
read the fs (encrypted), can sniff the connection (data still encrypted),
but if the client is additionally tunnelled with, say, ssh - root can only
dream that reading kmem would reveal any data - if the encrypted data is
tunnelled to another machine, the data leaves the source machine encrypted.
Only the person that knows the client's password can read the data.

marek
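
An added sketch of the split described in the message above (not part of the original post or of any kernel code): the storage side holds only opaque blocks, and the key exists only in the client, derived from the password. Assumptions: `BlockServer`, `seal` and `open_block` are hypothetical names, the HMAC-SHA256 counter keystream stands in for a real authenticated cipher such as AES-GCM (absent from the Python standard library), and the client runs on a machine the server's root does not control.

```python
import hashlib
import hmac
import os

def derive_keys(password, salt):
    # Stretch the password with PBKDF2; split the output into cipher and MAC keys.
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)
    return okm[:32], okm[32:]

def _keystream(key, nonce, length):
    # Stand-in stream cipher: HMAC-SHA256 over nonce || counter.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(password, plaintext):
    # Client side: encrypt, then MAC. Layout: salt | nonce | ciphertext | tag.
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(password, salt)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag

def open_block(password, blob):
    # Client side: verify the tag before decrypting anything.
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = derive_keys(password, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong password or modified block")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

class BlockServer:
    """Stands in for the driver: stores and returns opaque blocks, holds no key."""
    def __init__(self):
        self.blocks = {}
    def write(self, n, blob):
        self.blocks[n] = blob
    def read(self, n):
        return self.blocks[n]

def demo():
    server = BlockServer()
    secret = b"constructed sample record, not real data"
    server.write(0, seal("client passphrase", secret))   # done by the client
    stored = server.read(0)                               # all that root can read
    return secret, stored, open_block("client passphrase", stored)

if __name__ == "__main__":
    secret, stored, recovered = demo()
    print(recovered == secret, secret in stored)
```
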


