[54] in The Cryptographic File System users list
Re: Protection against superuser?
daemon@ATHENA.MIT.EDU (Charles Karney)
Thu Apr 23 13:50:05 1998
Date: Thu, 23 Apr 1998 13:46:49 -0400 (EDT)
Message-Id: <199804231746.NAA07625@orion.pppl.gov>
From: Charles Karney <karney@pppl.gov>
To: mpd@rzg.mpg.de
CC: cfs-users@research.att.com
In-reply-to:
<Pine.HPP.3.96.980423120219.4843G-100000@netadm.ipp-garching.mpg.de>
(message from Manuel Panea on Thu, 23 Apr 1998 12:14:37 +0200
(METDST))
Subject: Re: Protection against superuser?
Reply-to: karney@princeton.edu
References: <Pine.HPP.3.96.980423120219.4843G-100000@netadm.ipp-garching.mpg.de>
Sender: owner-cfs-users@research.att.com
Precedence: bulk

Another advantage I didn't see mentioned is that CFS is network safe.
Consider the following:

* you are logged into computer A (preferably a system over which you have
  control on root access);
* your data is on computer B (a large workstation, maybe lots of people
  have root access); B exports the data to A via NFS;
* the network between A and B is unsafe (e.g., it is vulnerable to
  sniffing).

You run CFS on A; the data on B's disks is encrypted; the data on backup
tapes is encrypted; only encrypted data appears on the network.

Unauthorized access to the unencrypted data requires a compromise of A
either as you or as root while you are using CFS.

--
Charles Karney
Plasma Physics Laboratory E-mail: Karney@Princeton.EDU
Princeton University Phone: +1 609 243 2607
Princeton, NJ 08543-0451 FAX: +1 609 243 3438