encrypted drives
Igor Robul
igorr at speechpro.com
Fri Mar 24 14:48:30 UTC 2006
On Fri, Mar 24, 2006 at 09:45:07AM +0100, Erik Norgaard wrote:
> It is not that file permissions doesn't work but having data that is not
> yours unencrypted lowers the barrier for trespassing. Evil admins - even
> if only temporarily evil - can access data they shouldn't.
If you setup some automounting of encrypted user home directories, then
there are two cases:
1) user must enter some additional password/key for encrypted device
2) user does not need additional password.
In (2) case all user private keys are accessible by evil admin, so he
can mount user's home directory.
In (1) case "evil" admin can setup keylogger etc., to log all user input
including passwords and still have access to user's files.
More information about the freebsd-questions
mailing list