Re: Keeping files away from users
On Thu, Jun 05, 2003 at 10:44:47AM +0200, Lars Ellenberg wrote:
>
> or keep an encrypted copy of all relevant files separately, and on
> bootup / service startup you decrypt it temporarily to the correct
> location, start the service, and unlink it again (after you wiped it
> with garbage, of course ;-] ). (will probably not work if services try
> to be smart and reread their conf files on a regular basis...)
I'm almost certain it's a bad idea for two reasons:
-- only data is encrypted, not file system metadata. This means an attacker might find additional information you wouldn't share otherwise, e.g. extended attributes
-- you just don't know where all the pieces of a sensitive file during its lifetime are scattered on your disk. Some bits may remain here or there--who knows? There's no guarantee that overwriting the file with garbage (wiping) destroys the staying bits.
A few months ago there was a thread on this topic on linux-fsdevel in which you'll find these points explained in more detail.
bit,
adam
--
1024D/37B8D989 954B 998A E5F5 BA2A 3622 82DD 54C2 843D 37B8 D989
finger://borso@vekoll.vein.hu | Some days, my soul's confined
http://www.keyserver.net | And out of mind
Sleep forever