Re: Userland encrypted filesystem that root cannot access.

From: A. Ott (ao@ao.morpork.shnet.org)
Date: Mon Feb 21 2000 - 07:23:00 EST


mharris@meteng.on.ca (Mike A. Harris) wrote:

> On Fri, 18 Feb 2000, Alexander Viro wrote:
>
> >> Are there any patches for the kernel, or userland solutions which
> >> allow a user to mount an encrypted filesystem (perhaps through
> >> loopback) which while mounted, root cannot read? Or is this
> >> concept beyond Linux currently?
> >>
> >> I'm thinking of the case where the superuser can admin the
> >> machine but due to confidentiality, the data must not be readable
> >> by root under any circumstance. Possible?
> >
> >Don't be silly. Hint: su lusername. God, root - what's the difference?
>
> Hehe. Well, yes... That is what I assumed - that it is
> currently NOT possible. It is something that SHOULD be possible
> sometime in the future though. There are systems out there, in
> which for military reasons, or perhaps other top secret reasons
> that files need to remain top secret and not visible to any
> system admin person. I'm thinking here of A or B class
> security.. which is likely a long way off.. Oh well, it was
> worth asking anyways..

There are already several Linux solutions for real access control, e.g.
RSBAC (www.rsbac.de).

Amon.

--
Please remove second ao for E-Mail reply - no spam please!
## CrossPoint v3.11 ##

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/


