[47] in The Cryptographic File System users list
Re: Protection against superuser?
daemon@ATHENA.MIT.EDU (matthew tebbens)
Thu Apr 23 07:52:06 1998
From owner-cfs-users@research.att.com Thu Apr 23 11:52:05 1998
Return-Path: <owner-cfs-users@research.att.com>
Delivered-To: cfs-mtg@bloom-picayune.mit.edu
Received: (qmail 11251 invoked from network); 23 Apr 1998 11:52:04 -0000
Received: from unknown (HELO rumor.research.att.com) (192.20.225.9)
by bloom-picayune.mit.edu with SMTP; 23 Apr 1998 11:52:04 -0000
Received: from research.att.com ([135.207.30.100]) by rumor; Thu Apr 23 07:47:40 EDT 1998
Received: from amontillado.research.att.com ([135.207.24.32]) by research-clone; Thu Apr 23 07:49:19 EDT 1998
Received: from nsa.research.att.com (majordomo@nsa.research.att.com [135.207.24.155])
by amontillado.research.att.com (8.8.7/8.8.7) with ESMTP id HAA25051;
Thu, 23 Apr 1998 07:49:17 -0400 (EDT)
Received: (from majordomo@localhost) by nsa.research.att.com (8.7.3/8.7.3) id HAA08866 for cfs-users-list; Thu, 23 Apr 1998 07:47:00 -0400 (EDT)
X-Authentication-Warning: nsa.research.att.com: majordomo set sender to owner-cfs-users@nsa.research.att.com using -f
Received: from research.att.com (research-clone.research.att.com [135.207.30.100]) by nsa.research.att.com (8.7.3/8.7.3) with SMTP id HAA08862 for <cfs-users@nsa.research.att.com>; Thu, 23 Apr 1998 07:46:58 -0400 (EDT)
Received: from tebbens.com ([208.195.230.10]) by research-clone; Thu Apr 23 07:48:48 EDT 1998
Received: from localhost by tebbens.com
with smtp id m0ySKV9-000NVSC
(Debian Smail-3.2 1996-Jul-4 #2); Thu, 23 Apr 1998 07:49:15 -0400 (EDT)
Date: Thu, 23 Apr 1998 07:49:15 -0400 (EDT)
From: matthew tebbens <matthew@tebbens.com>
To: Manuel Panea <mpd@rzg.mpg.de>
cc: cfs-users@research.att.com
Subject: Re: Protection against superuser?
In-Reply-To: <Pine.HPP.3.96.980423120219.4843G-100000@netadm.ipp-garching.mpg.de>
Message-ID: <Pine.LNX.3.96.980423073730.16642D-100000@backup.tebbens.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-cfs-users@research.att.com
Precedence: bulk
I've installed CFS and I think its great, although I might try tCFS.
I use CFS directories for my mail, netscape, personal and business
files. This way if my computer falls into the wrong hands, no one
can read my mail...etc
CFS is used for 'on-the-fly' encryption. So you only have to enter
the password ONCE on bootup, or when you want to use it.
As far as root being able to go anywhere..... I would only use/install
cfs on a system where I am the only person as root. I don't think
I would trust to use CFS remotely, or on a system where I didn't have
root. I do use CFS on one remote system, but I am root on that system,
and I also use SSH to get to that system...
Matthew
On Thu, 23 Apr 1998, Manuel Panea wrote:
>
> Hi all,
>
> sometime ago I downloaded and installed cfs on my workstation. After
> testing it, I still don't get the point of cfs:
>
> In a normal Unix environment, if I want to avoid that other users read my
> files I just have to set the file-access permissions accordingly and
> that's it. Only "root" can still read my files, so I can encrypt (e.g.
> with the "crypt" command) any files I do not want "root" to read. cfs
> makes it a little more comfortable because I do not have to type a
> password for every file I want to encrypt or decrypt, but then the
> protection against "root" is lost because "root" can anytime go to my
> mounted cfs-filesystem and read everything anyway.
>
> So, am I missing something here? What's the point of cfs? How are you
> people using it?
>
>
> ---------------------------------------------------------------------------
> Manuel Panea <mpd@rzg.mpg.de> http://www.rzg.mpg.de/~mpd
> Rechenzentrum Garching, Germany
> ---------------------------------------------------------------------------
>
>
>
>
>
