Re: encrypted drives
On Wed, Mar 22, 2006 at 10:14:32AM +0100, Erik Norgaard wrote:
> home partition which is fine for single user laptops, but on multiuser
> systems, each home directory should be distinct encrypted partitions in
> order not to disclose data to other users.

Maybe I'm wrong, but what happened with file system permissions? :-) You can encrypt /home and then set 0700 permissions on user home directories.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: encrypted drives
Igor Robul wrote:
> On Wed, Mar 22, 2006 at 10:14:32AM +0100, Erik Norgaard wrote:
>> home partition which is fine for single user laptops, but on multiuser
>> systems, each home directory should be distinct encrypted partitions in
>> order not to disclose data to other users.
>
> Maybe I'm wrong, but what happened with file system permissions? :-) You
> can encrypt /home and then set 0700 permissions on user home directories.

It is not that file permissions don't work, but having data that is not yours unencrypted lowers the barrier for trespassing. Evil admins - even if only temporarily evil - can access data they shouldn't.

On any system I share I would prefer to know that when I'm not there not even the sysadmin can access them. And I believe that anyone would prefer that.

Cheers, Erik

--
Ph: +34.666334818 web: www.locolomo.org
S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt
Subject ID: 9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72
Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9
Re: encrypted drives
On Fri, Mar 24, 2006 at 09:45:07AM +0100, Erik Norgaard wrote:
> It is not that file permissions doesn't work but having data that is not
> yours unencrypted lowers the barrier for trespassing. Evil admins - even
> if only temporarily evil - can access data they shouldn't.

If you set up some automounting of encrypted user home directories, then there are two cases:

1) user must enter some additional password/key for encrypted device
2) user does not need additional password.

In case (2) all user private keys are accessible by the evil admin, so he can mount the user's home directory. In case (1) the evil admin can set up a keylogger etc. to log all user input including passwords and still have access to the user's files.
Re: encrypted drives
On 3/22/06, Erik Norgaard [EMAIL PROTECTED] wrote:
> 2) One thing is to create an entire encrypted device for /home. But that
> have the unfortunate consequence that other user's data is unencrypted
> once the system is up. What would be more appropriate is a solution where
> each home-dir is an encrypted mfs which is decrypted and mounted when the
> user log in, is this possible?

I think this is exactly what Mac OS X does with its FileVault feature.
Re: encrypted drives
Erik Norgaard wrote:
> Hi:
>
> 1) I was thinking, what is the performance penalty of storing data on an
> encrypted device? Sure, for writing documents, coding and stuff, I guess
> the performance loss is insignificant, but for music and video which then
> needs to be decrypted and then decoded, is this a problem?
>
> 2) One thing is to create an entire encrypted device for /home. But that
> have the unfortunate consequence that other user's data is unencrypted
> once the system is up. What would be more appropriate is a solution where
> each home-dir is an encrypted mfs which is decrypted and mounted when the
> user log in, is this possible?
>
> If not, then the alternative would be to have a private mfs in the user's
> home dir which is mounted after login, but I think yet the user needs root
> access to mount encrypted devices. Is there any possibility for users to
> mount their own encrypted mfs?
>
> Thanks, Erik

Hi Erik,

Perhaps this would interest you:
http://events.ccc.de/congress/2005/fahrplan/attachments/586-paper_Complete_Hard_Disk_Encryption.pdf

--Duane
Re: encrypted drives
Kenyon Ralph wrote:
> On 3/22/06, Erik Norgaard [EMAIL PROTECTED] wrote:
>> 2) One thing is to create an entire encrypted device for /home. But that
>> have the unfortunate consequence that other user's data is unencrypted
>> once the system is up. What would be more appropriate is a solution where
>> each home-dir is an encrypted mfs which is decrypted and mounted when the
>> user log in, is this possible?
>
> I think this is exactly what Mac OS X does with its FileVault feature.

I was just reading this column by Kelly Martin, http://www.securityfocus.com/columnists/393, when I wrote this, but the FreeBSD solution may not be as simple as the OS X one.

Now, FileVault according to the article encrypts the entire home partition, which is fine for single user laptops, but on multiuser systems, each home directory should be distinct encrypted partitions in order not to disclose data to other users.

In this case, you would also like the ability to dynamically grow the filesystem when more space is needed, unless of course you simply say that's the hard quota limit.

Cheers, Erik
Re: encrypted drives
On 3/22/06, Erik Norgaard [EMAIL PROTECTED] wrote:
> Kenyon Ralph wrote:
>> On 3/22/06, Erik Norgaard [EMAIL PROTECTED] wrote:
>>> 2) One thing is to create an entire encrypted device for /home. But that
>>> have the unfortunate consequence that other user's data is unencrypted
>>> once the system is up. What would be more appropriate is a solution
>>> where each home-dir is an encrypted mfs which is decrypted and mounted
>>> when the user log in, is this possible?
>>
>> I think this is exactly what Mac OS X does with its FileVault feature.
>
> I was just reading this column by Kelly Martin
> http://www.securityfocus.com/columnists/393 when I wrote this, but the
> FreeBSD solution may not be so simple as the OSX.
>
> Now, the FileVault according to the article encrypts the entire home
> partition which is fine for single user laptops, but on multiuser systems,
> each home directory should be distinct encrypted partitions in order not
> to disclose data to other users.
>
> In this case, you would also like the ability to dynamically grow the
> filesystem when more space is needed, unless ofcourse you simply say,
> that's the hard quota limit.

Actually, the article says FileVault encrypts a user's entire home directory, settings and all data.

I have a PowerBook and I used to use FileVault on it. From my observations, it works by making an encrypted Disk Image file of your home directory which is mounted and unmounted at login and logoff. It is a special disk image called a sparse image which can grow, but can't be shrunk while the image is mounted. This is mostly why I stopped using FileVault: doing a lot of I/O in my homedir caused the sparse image to gradually grow, then I'd eventually have to log off and let it recover all the gaps in the image, a slow process.

There is a different image for each user, so it works in multiuser environments. OS X keeps your unix passwd and the disk image decryption passphrase synchronized if you use the OS X GUI to change your password.
Re: encrypted drives
Erik Norgaard wrote:
> Is there any possibility for users to mount their own encrypted mfs?

I played a bit with mdconfig and gbde:

1) It seems that ordinary users cannot create any devices. I guess this should be configurable in devfs.rules or devfs.conf? At least that would allow user creation of a memory disk.

2) Changing owner of the created md0, I as user cannot create the encrypted device with gbde. It is not clear to me if this is for the same problem as in 1) or if gbde further messes with the kernel?

Any solution on the above? Using geli appears to be the same as for gbde.

Thanks, Erik
Re: encrypted drives
On Wed, 22 Mar 2006 11:20:34 +0100 Erik Norgaard [EMAIL PROTECTED] wrote:
> Using geli appears to be the same as for gbde.

Using geli here (FreeBSD 6.1-PRERELEASE #0). Since this is my (work) laptop, the only (allowed) user is me - I simply use sudo as needed (IOW, yes, mdconfig, geli and mount require root access).

You could create wrappers for each user with the sudo option NOPASSWORD so the users can create / mount their devices without entering their password (user-friendliness). Or setuid the bins... (without much time to think about it, I prefer sudo...)

How to mount the user's homedir would require some changes to how the login process works, I guess (i.e., know that the homedir's contents are encrypted, then mount the disk...)...

B
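
The sudo wrapper idea from the message above, as an added example (not code from any poster or from FreeBSD): a root-side script that takes the user from SUDO_USER instead of an argument and refuses unsafe names and symlinked images. The script name, the /crypt/<user>.img layout, the state file and the sudoers line (using the sudoers NOPASSWD tag) are assumptions.

```shell
#!/bin/sh
# homecrypt (hypothetical name): run as root through sudo to attach or detach
# the calling user's geli-encrypted home image. Assumed layout, not from the
# thread: /crypt/<user>.img, already set up with geli init and newfs, mounted
# on /home/<user>. Assumed sudoers line:
#   %users ALL = (root) NOPASSWD: /usr/local/sbin/homecrypt attach, /usr/local/sbin/homecrypt detach
LC_ALL=C; export LC_ALL
IMG_DIR=${IMG_DIR:-/crypt} STATE_DIR=${STATE_DIR:-/var/run} HOME_DIR=${HOME_DIR:-/home}

# Only a plain login name is accepted: it ends up in paths handled as root.
valid_user() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
}

# The user comes from SUDO_USER (set by sudo), never from an argument.
target_user() {
    valid_user "${SUDO_USER:-}" && printf '%s\n' "$SUDO_USER"
}

attach_home() {
    user=$(target_user) || return 1
    img="$IMG_DIR/$user.img"
    # Regular file only; a symlink could point the wrapper somewhere else.
    [ -f "$img" ] && [ ! -L "$img" ] || return 1
    md=$(mdconfig -a -t vnode -f "$img") || return 1    # prints e.g. "md0"
    # geli asks for the passphrase on the user's terminal.
    if geli attach "/dev/$md" && mount -o nosuid "/dev/$md.eli" "$HOME_DIR/$user"; then
        printf '%s\n' "$md" > "$STATE_DIR/homecrypt.$user"
    else
        geli detach "$md.eli" 2>/dev/null    # undo a half-finished attach
        mdconfig -d -u "${md#md}"
        return 1
    fi
}

detach_home() {
    user=$(target_user) || return 1
    md=$(cat "$STATE_DIR/homecrypt.$user") || return 1
    umount "$HOME_DIR/$user" || return 1
    geli detach "$md.eli"                    # drops the key from the kernel
    mdconfig -d -u "${md#md}"
    rm -f "$STATE_DIR/homecrypt.$user"
}
case "${1:-}" in
    attach) attach_home ;;
    detach) detach_home ;;
esac
```

While the image is attached, root can still read the mounted files, which is the limitation raised earlier in the thread.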