public inbox for linux-kernel@vger.kernel.org
From: "ext3crypt" <ext3crypt@comcast.net>
To: <linux-kernel@vger.kernel.org>
Subject: Input Desired -- sorry if this is not the forum.
Date: Tue, 13 Sep 2005 10:07:41 -0400
Message-ID: <PFEILFFLMPNHAOBNBGPJIEFGCAAA.ext3crypt@comcast.net>

Hi,

I'm currently working on a kernel modification to extend the EXT3 file
system to include encryption based on file ownership.

This is an experimental graduate project for Penn State that may result in a
proposed patch.

Each user and group has an encryption key and files are encrypted with
the key based on permissions.  The issue is what should I do about
"root" access, since root has free access to everything.  There are two
goals -- transparency (everything works like it did without encryption but
slower) and security (for root it conflicts with transparency).

I can maintain free access -- but the overall security is weakened
since an attacker will only need to gain the root encryption key to
authenticate.

I can disallow access to files for root based on the permissions --
which may cause applications to stop working properly, since they may
count on root's special privileges.

I can allow access to files that are encrypted and root does not have
permissions to as ciphertext and the files root does have access to as
plaintext.

Other ideas are welcome.


