[53] in The Cryptographic File System users list


Re: Protection against superuser?

daemon@ATHENA.MIT.EDU (matthew tebbens)
Thu Apr 23 13:08:03 1998

Date: Thu, 23 Apr 1998 13:03:52 -0400 (EDT)
From: matthew tebbens <matthew@tebbens.com>
To: MMS26 <mms@speakeasy.org>
cc: Manuel Panea <mpd@rzg.mpg.de>, cfs-users@research.att.com
Subject: Re: Protection against superuser?


I think the hardest part of keeping data secured using CFS or another
method is how you handle the key. It's VERY easy to type in the key over a
non-secured connection by mistake. That's why everyone should create/use
a very long key; in fact, CFS requires 16 characters, I think.

Also, NEVER say the key, write it down on a piece of paper or save it on
your computer system. The ONLY place a key for ssh, cfs or pgp...etc
should be stored is in your brain! :) (should be safe there for at least
10-20 years)   After they break that....hmmmm well...

Matthew



On Thu, 23 Apr 1998, MMS26 wrote:

> On Thu, 23 Apr 1998, Manuel Panea wrote:
> 
> > password for every file I want to encrypt or decrypt, but then the
> > protection against "root" is lost because "root" can anytime go to my
> > mounted cfs-filesystem and read everything anyway.
> > 
> > So, am I missing something here? What's the point of cfs? How are you
> > people using it?
> > 
> > 
> 
> predominantly on single user workstations. i'd be very interested to
> find out what OS flavor/version you are using. personally, i am
> currently using cfs-1.3.3 under bsdi-3.1, openbsd, and solaris-2.6
> and haven't seen the behavior you mention. there are some fairly
> major security concerns and dependencies you might want to address or 
> have in place ( wietse's latest portmap/rpcbind, additional packet
> filtering, using ssh to connect to the host for remote sessions, basic
> nfs security for what it's worth ), but so far the only severe issue
> i have come across under the aforementioned platforms is that if
> any user account can put lo0 in promisc. mode they can see and dump
> out any data from cfs that you manipulate ( file names and the 
> contents ). 
> 
> for my needs this really isn't an issue, as i only use cfs on single
> user workstations that don't run any ancillary services, and have been
> locked down. you might be better suited by using something like pgp
> with "-c" to encrypt archives.
> 
> cfs is so incredibly useful that it's one of those utilities i 
> install immediately on any new host that fits certain criteria
> ( just like netcat, bash, perl, or ipfilter ). 
> 
> i would not install it on a multi-user host or a host where i did
> not have exclusive control over uid 0.
> 
> MMS26
> 

