Re: Linux Filesystem and Security of Files

From: Kasper Dupont (kasperd@daimi.au.dk)
Date: 04/09/03


From: Kasper Dupont <kasperd@daimi.au.dk>
Date: Wed, 09 Apr 2003 23:45:40 +0200

xlendar wrote:
>
> If someone comes, opens the box, gets the hard drive and plugs it in
> to another machine. Would he be able to access the files? Or would the
> filesystem still prevent the access unless the required password (root
> password) is provided? (I mean logging into the system as root)

The filesystem cannot prevent access in such cases. The only way to
protect against unauthorized access by people with physical access to
the media is by encrypting the files. Encryption is not free, it does
require a significant amount of CPU time, which is one of the reasons
why it is not used everywhere. Another limitation is that encryption
of an entire disk is AFAIK not supported by mainstream Linux kernels.

-- 
Kasper Dupont -- der bruger for meget tid på usenet.
For sending spam use mailto:aaarep@daimi.au.dk
for(_=52;_;(_%5)||(_/=5),(_%5)&&(_-=2))putchar(_);


Relevant Pages

  • Re: completely confused about kerneli, cryptoapi and patch-int
    ... the loopback encrypted filesystem its-self.... ... 'unique' kernel patches brought my laptop down to an 'oops' the loopback fs ... down to what you need to do (this I got from the 'Linux Encryption ... su to root and type: ...
    (comp.os.linux.security)
  • Re: encrypted filesystem or files, which is best?
    ... Can filesystem encryption be done on an existing linux filesystem, ... would a person set up filesystem encryption on an existing linux PC, ... If you really want to encrypt your root filesystem, ...
    (comp.os.linux.security)
  • Re: [Full-disclosure] ESFS - The encrypted steganography filesystem
    ... but in this case you can erease the driver whenever you don't ... of a FS could be either random data, or it could be a hidden partition. ... in hopes that it'll become a fully featured filesystem. ... encryption in a filesystem, so you can say "oh, yes, I have encrypted ...
    (Full-Disclosure)
  • Re: [Full-disclosure] ESFS - The encrypted steganography filesystem
    ... A user will require your drivers to access their data and hence the ... of a FS could be either random data, or it could be a hidden partition. ... it's a filesystem. ... encryption in a filesystem, so you can say "oh, yes, I have encrypted ...
    (Full-Disclosure)
  • Re: RFC: pefs - stacked cryptographic filesystem
    ... filesystem. ... I've got to ask a probably dumb question...how is this better then geli ... Stacked filesystem is likely to be slower due to extra overhead ... thing in common - encryption - everything else is different. ...
    (freebsd-current)