I really like the idea of using EncFS, however, one of the problems that I can
see (and this may be a problem for me with FUSE altogether) is that so far in
my tests any other session that is created in the name of the mounting user can
also access the mount regardless of whether or not they have the password to
decrypt.
Take the following scenario:
User A logs in and mounts their private EncFS shareUser B logs in and assumes
root and then su's into user AUser B now has full access to User A's encrypted
mounts without knowing their user password or their encryption password
Do you know if there is any way to mitigate this scenario with EncFS?
If possible, it would be great to make it so that the EncFS mount is only
available within the session that did the original mounting. So even if I were
to log in with User A's password, the mount would appear inaccessible.
If not, are there any other suggestions out there?
------------------------------------------------------------------------------
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013
and get the hardware for free! Learn more.
http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________
Encfs-users mailing list
Encfs-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/encfs-users
