[51] in The Cryptographic File System users list
Re: Protection against superuser?
daemon@ATHENA.MIT.EDU (MMS26)
Thu Apr 23 12:13:57 1998
From owner-cfs-users@research.att.com Thu Apr 23 16:13:56 1998
Return-Path: <owner-cfs-users@research.att.com>
Delivered-To: cfs-mtg@bloom-picayune.mit.edu
Received: (qmail 19861 invoked from network); 23 Apr 1998 16:13:55 -0000
Received: from unknown (HELO rumor.research.att.com) (192.20.225.9)
by bloom-picayune.mit.edu with SMTP; 23 Apr 1998 16:13:55 -0000
Received: from research.att.com ([135.207.30.100]) by rumor; Thu Apr 23 12:09:43 EDT 1998
Received: from amontillado.research.att.com ([135.207.24.32]) by research-clone; Thu Apr 23 12:11:26 EDT 1998
Received: from nsa.research.att.com (majordomo@nsa.research.att.com [135.207.24.155])
by amontillado.research.att.com (8.8.7/8.8.7) with ESMTP id MAA00525;
Thu, 23 Apr 1998 12:11:18 -0400 (EDT)
Received: (from majordomo@localhost) by nsa.research.att.com (8.7.3/8.7.3) id MAA09443 for cfs-users-list; Thu, 23 Apr 1998 12:09:00 -0400 (EDT)
X-Authentication-Warning: nsa.research.att.com: majordomo set sender to owner-cfs-users@nsa.research.att.com using -f
Received: from research.att.com (research-clone.research.att.com [135.207.30.100]) by nsa.research.att.com (8.7.3/8.7.3) with SMTP id MAA09439 for <cfs-users@nsa.research.att.com>; Thu, 23 Apr 1998 12:08:58 -0400 (EDT)
Received: from eve.speakeasy.org ([199.238.226.1]) by research-clone; Thu Apr 23 12:10:16 EDT 1998
Received: from localhost (mms@localhost) by eve.speakeasy.org (8.8.5/8.7.3) with SMTP id JAA03960
Date: Thu, 23 Apr 1998 09:08:53 -0700 (PDT)
From: MMS26 <mms@speakeasy.org>
To: Manuel Panea <mpd@rzg.mpg.de>
cc: cfs-users@research.att.com
Subject: Re: Protection against superuser?
In-Reply-To: <Pine.HPP.3.96.980423120219.4843G-100000@netadm.ipp-garching.mpg.de>
Message-ID: <Pine.SUN.3.96.980423084813.29408A-100000@eve.speakeasy.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-cfs-users@research.att.com
Precedence: bulk
On Thu, 23 Apr 1998, Manuel Panea wrote:
> password for every file I want to encrypt or decrypt, but then the
> protection against "root" is lost because "root" can anytime go to my
> mounted cfs-filesystem and read everything anyway.
>
> So, am I missing something here? What's the point of cfs? How are you
> people using it?
>
>
predominantly on single user workstations. id be very interested to
find out what OS flavor/version you are using. personally, i am
currently using cfs-1.3.3 under bsdi-3.1, openbsd, and solaris-2.6
and havent seen the behavior you mention. there are some fairly
major security concerns and dependencies you might want to address or
have in place ( wiestse's latest portmap/rpcbind, additional packet
filtering, using ssh to connect to the host for remote sessions, basic
nfs security for what its worth ), but so far the only severe issue
i have come across under the aforementioned platforms is that if
any user account can put lo0 in promisc. mode they can see and dump
out any data from cfs that you manipulate ( file names and the
contents ).
for my needs this really isnt an issue, as i only use cfs on single
user workstations that dont run any ancilary services, and have been
locked down. you might be better suited by using something like pgp
with "-c" to encrypt archives.
cfs is so incredibly usefull that its one of those utilities i
install immediately on any new host that fits certain criteria
( just like netcat, bash, perl, or ipfilter ).
i would not install it on a multi-user host or a host where i did
not have exclusive control over uid 0.
MMS26
