[48] in The Cryptographic File System users list
Re: Protection against superuser?
daemon@ATHENA.MIT.EDU (John R MacMillan)
Thu Apr 23 09:06:09 1998
From owner-cfs-users@research.att.com Thu Apr 23 13:06:07 1998
Return-Path: <owner-cfs-users@research.att.com>
Delivered-To: cfs-mtg@bloom-picayune.mit.edu
Received: (qmail 13191 invoked from network); 23 Apr 1998 13:06:05 -0000
Received: from unknown (HELO rumor.research.att.com) (192.20.225.9)
by bloom-picayune.mit.edu with SMTP; 23 Apr 1998 13:06:05 -0000
Received: from research.att.com ([135.207.30.100]) by rumor; Thu Apr 23 09:01:37 EDT 1998
Received: from amontillado.research.att.com ([135.207.24.32]) by research-clone; Thu Apr 23 09:03:19 EDT 1998
Received: from nsa.research.att.com (majordomo@nsa.research.att.com [135.207.24.155])
by amontillado.research.att.com (8.8.7/8.8.7) with ESMTP id JAA26135;
Thu, 23 Apr 1998 09:03:16 -0400 (EDT)
Received: (from majordomo@localhost) by nsa.research.att.com (8.7.3/8.7.3) id JAA08988 for cfs-users-list; Thu, 23 Apr 1998 09:01:00 -0400 (EDT)
X-Authentication-Warning: nsa.research.att.com: majordomo set sender to owner-cfs-users@nsa.research.att.com using -f
Received: from research.att.com (research-clone.research.att.com [135.207.30.100]) by nsa.research.att.com (8.7.3/8.7.3) with SMTP id JAA08984 for <cfs-users@nsa.research.att.com>; Thu, 23 Apr 1998 09:00:58 -0400 (EDT)
Received: from unknown.interlog.com ([206.108.93.9]) by research-clone; Thu Apr 23 09:02:00 EDT 1998
Received: from localhost (8.8.4/8.8.4) with ESMTP id JAA13207 for <cfs-users@research.att.com>; Thu, 23 Apr 1998 09:01:57 -0400
To: cfs-users@research.att.com
Subject: Re: Protection against superuser?
In-reply-to: Message <Pine.LNX.3.96.980423073730.16642D-100000@backup.tebbens.com> from
matthew tebbens <matthew@tebbens.com> on
"Thu, 23 Apr 1998 07:49:15 EDT"
Date: Thu, 23 Apr 1998 09:01:57 -0400
Message-ID: <13205.893336517@localhost>
From: John R MacMillan <john@interlog.com>
Sender: owner-cfs-users@research.att.com
Precedence: bulk
|As far as root being able to go anywhere..... I would only use/install
|cfs on a system where I am the only person as root. I don't think
|I would trust to use CFS remotely, or on a system where I didn't have
|root.
I use CFS on a system at work where others have root. It's obviously
not as secure in that environment as it is here at home, so I don't
keep anything particularly sensitive there, but it does have some
advantages. For instance, system backups only contain the encrypted
files. Also, I only cattach the directory while I'm using it, so it
would not be unlikely that I would notice someone else logging onto
my machine as root (that is, the `attacker' would have a fairly high
risk of being discovered).
