Andreas Kostyrka writes:
>>
>> At the moment, I'm wandering around the source code for __libc_read() and
>> __libc_write() to see if there's a good way to hijack a program's
>> read() and write() calls, so if they are to a file that's marked as
>> encrypted the data can go through encrypt() on the way....
>
>Yes, you can in theory do that. E.g. use a LD_PRELOAD library.
>BUT, here come the pitfalls:
>
>a) you need to keep extremely exact file positions. Or use lseek on
>every read/write to get your place in the file.

Worse, you get a (blocksize) granularity on file position, where
(blocksize) is the block size of the encryption algorithm (and this
assumes a block cipher with the blocks handled independently).

>b) mmap.

I haven't come across many applications that use mmap for file i/o (now
I'll bet you'll give some critical examples!)

>c) from my experience, stdio.h, C++ streams and unistd.h read/write
>reach a different site for the kernel syscall. That might have changed
>or have been an artifact of LD_PRELOADing into the app.

This doesn't strike me as a biggy...

>So encryptfs sounds way more useful for that usage.

But it has the "encryption jail" drawback.

_______________________________________________
OpenMoko community mailing list
http://lists.openmoko.org/mailman/listinfo/community
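
The block-granularity point in the reply above, as an added example that is not code from the thread: what a hooked read() has to do when the caller asks for an arbitrary byte range of a file encrypted in independent blocks. The 16-byte BLK, the function names, and the in-memory buffer standing in for the file are assumptions; toy_block is a constructed, insecure stand-in for a real block cipher.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BLK 16 /* assumed cipher block size in bytes */

/* Toy stand-in for a block cipher with independently handled blocks.
 * NOT secure: it only forces whole-block processing like a real one.
 * out and in must not overlap. */
static void toy_block(uint8_t *out, const uint8_t *in, uint64_t blkno, int decrypt)
{
    for (int i = 0; i < BLK; i++) {
        uint8_t k = (uint8_t)(0xA5 ^ (i * 31) ^ blkno);
        if (decrypt) out[(i + 5) % BLK] = in[i] ^ k;
        else         out[i] = in[(i + 5) % BLK] ^ k;
    }
}

/* Encrypt a whole buffer; len must be a multiple of BLK. */
void toy_encrypt(uint8_t *ct, const uint8_t *pt, size_t len)
{
    for (size_t b = 0; b < len / BLK; b++)
        toy_block(ct + b * BLK, pt + b * BLK, b, 0);
}

/* Number of cipher blocks touched by an access of len bytes at off. */
size_t blocks_touched(size_t off, size_t len)
{
    return len ? (off + len - 1) / BLK - off / BLK + 1 : 0;
}

/* Map (off, len) on the plaintext to the covering ciphertext blocks,
 * decrypt each whole block, and copy out only the requested slice.
 * Returns bytes copied, or -1 if the range is outside the file. */
long enc_pread(const uint8_t *ct, size_t ct_len,
               uint8_t *buf, size_t len, size_t off)
{
    if (ct_len % BLK || off > ct_len || len > ct_len - off)
        return -1;
    for (size_t done = 0; done < len; ) {
        size_t blkno = (off + done) / BLK, skip = (off + done) % BLK;
        size_t n = BLK - skip < len - done ? BLK - skip : len - done;
        uint8_t plain[BLK];
        toy_block(plain, ct + blkno * BLK, blkno, 1);
        memcpy(buf + done, plain + skip, n);
        done += n;
    }
    return (long)len;
}
```

A hooked write() has the harder half of the same problem: an unaligned write must first read and decrypt the partial blocks at both ends, patch them, and re-encrypt them whole.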

