On Fri, Mar 24, 2006 at 09:45:07AM +0100, Erik Norgaard wrote:
> It is not that file permissions doesn't work but having data that is not 
> yours unencrypted lowers the barrier for trespassing. Evil admins - even 
> if only temporarily evil - can access data they shouldn't.
If you setup some automounting of encrypted user home directories, then
there are two cases:
 1) user must enter some additional password/key for encrypted device
 2) user does not need additional password.

In (2) case all user private keys are accessible by evil admin, so he
can mount user's home directory.

In (1) case "evil" admin can setup keylogger etc., to log all user input
including passwords and still have access to user's files.

freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to