From: Theodore Ts'o <tytso@mit.edu>
To: "U.Mutlu" <for-gmane@mutluit.com>
Cc: linux-ext4@vger.kernel.org
Subject: Re: generic question: user-only directory w/o root access
Date: Fri, 5 Jun 2015 20:33:23 -0400 [thread overview]
Message-ID: <20150606003323.GC26550@thunk.org> (raw)
In-Reply-To: <mkst24$nbb$1@ger.gmane.org>
On Fri, Jun 05, 2015 at 09:24:51PM +0200, U.Mutlu wrote:
> true, the dangers and challenges are high. The solution I finally
> found took me unfortunately a long time to find it, and I know of
> no other open-source solution to achieve what I described,
> because of the unfortunate 'root is king and user is nobody' mentality
> and reality we have.
> But as described, in some security environments the user needs
> a truly private space on the system where nobody else has access to.
"where nobody else has access" is impossible on a shared system.
Period. There reason why there is no other open-source solution is
because there *is* no open source solution, period. You can't have an
open source solution that perfromances something which is by
definition impossible.
If someone needs truly private space, the only thing they can do is to
use their own hardware, purcahsed at a computer store, and then to use
a system like Tails[1] booted from a read-only USB stick.
[1] https://tails.boum.org/
... and even then they have to trust the people who implemented the
Tails system, and the people who implemented the firmware on the
computer system, and if the system was shipped to you, you have to
trust that the NSA hasn't intercepted the hardware and compromised the
hardware.
[2] http://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant/
> I think the filesystem could indeed implement such a "user-only" directory,
> because the FUSE-API wrapper showed me that it is indeed possible
> to implement that idea. I would suggest to add this feature to ext4,
> and that new feature could be a real game-changer (yes, I know another
> bold statement) in IT security.
Sorry, I'm not willing to advertise that a file system has a feature
which is a pure snake oil --- someone claiming that this can be done
is making a fradulently untrue statement.
Regards,
- Ted
next prev parent reply other threads:[~2015-06-06 0:33 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-31 16:07 generic question: user-only directory w/o root access U.Mutlu
2015-05-31 18:59 ` Theodore Ts'o
2015-05-31 22:45 ` U.Mutlu
2015-05-31 23:14 ` U.Mutlu
2015-06-01 1:39 ` Linux unshare -m for per-process private filesystem mount points U.Mutlu
2015-06-04 1:44 ` generic question: user-only directory w/o root access Theodore Ts'o
2015-06-04 11:29 ` Lukáš Czerner
2015-06-04 13:24 ` U.Mutlu
2015-06-05 14:14 ` Theodore Ts'o
2015-06-05 19:24 ` U.Mutlu
2015-06-06 0:33 ` Theodore Ts'o [this message]
2015-06-06 7:19 ` U.Mutlu
2015-06-06 15:42 ` Theodore Ts'o
2015-06-06 17:46 ` U.Mutlu
2015-06-06 19:48 ` Theodore Ts'o
2015-06-08 0:12 ` U.Mutlu
2015-06-08 3:18 ` Theodore Ts'o
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150606003323.GC26550@thunk.org \
--to=tytso@mit.edu \
--cc=for-gmane@mutluit.com \
--cc=linux-ext4@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).