soup4you2
April 1st, 2003, 15:30
Ok i'm sure this is easy but i never bothered to look into it.. so before i go through my normal research routines i thought i would give you all a shot at it..

Ok normally you can set file permissions to keep users out of a directory structure.. but what if there's another root user other than yourself.. you still want a place to call home to your private stash of stuff.. So is there any way a person could encrypt a tree structure with ease? what's the best overall way of doing this and what's your preferred application for doing this. the more info given the happier i'll be.

|MiNi0n|
April 1st, 2003, 16:00
I think frisco might be your man on this topic. As far as Free goes I don't know how much support for this kind of thing it has natively, but for Open this would be a start:

http://www.backwatcher.org/writing/howtos/obsd-encrypted-filesystem.html

I've looked at it a few times but never gotten around to trying it out.

soup4you2
April 1st, 2003, 17:30
nice... thanks.. looks like it will work on freebsd.. i'll give it a try out tomorrow..

frisco
April 1st, 2003, 18:15
NetBSD has a great device cgd (cryptographic disk) which supports blowfish, 3des and aes.
http://netbsd.gw.com/cgi-bin/man-cgi?cgd++NetBSD-current

OpenBSD has encrypted vnodes
http://www.openbsd.org/cgi-bin/man.cgi?query=vnd
and Ted U. has a port of cgd for OpenBSD as well (though not as robust as NetBSD's and possibly out of date).

I'm not aware of a built-in encrypted device for FreeBSD, but i don't use FreeBSD too much.

All three have a port for cfs located in security/cfs. cfs is "cryptographic file system (user-space NFS server)" http://www.crypto.com/software/

OpenBSD used to have tcfs but i believe that was removed recently and it was panic'ing for me on 3.2. I don't know how it is on Net/Free and its site is down for me right now: http://www.tcfs.it

While it's not necessarily encrypted i might as well also mention stegfs and sfs -
http://www.mcdonald.org.uk/StegFS/
http://koeln.ccc.de/archiv/drt/crypto/linux-disk.html#sfs
Steganography is hiding information in ways so that it appears there is no data there, like hiding text in an image, etc. Stegfs bugged me the last time i looked at it b/c there was a possibility of losing data.
For command line steganographic utilities there is outguess by Niels Provos (of openssh, systrace, honeyd fame (among other things)) plus some others which elude me at the moment.

If you're just looking to encrypt some files you may find a port like aescrypt useful, or use openssl, something like:
openssl aes-256-cbc -e -kfile $PASSFILE -out $OUTFILE -in $INFILE
where:
$PASSFILE is file w/ password to encrypt with
$OUTFILE is output file
$INFILE is input file

Using an encrypted fs like cgd or vnd may not be your solution as once it is mounted it is viewable by anyone with the right perms. I'm not sure if cfs solves this as i've never had the need to use it. Perhaps something like AFS would help too as it requires authentication by the user? I'm not familiar enough with it.

BUT... let's consider what you're talking about. Someone else with root on your system can install a keygrabber in your shell or read your terminal or trojan anything else so as to still get to your sensitive data. On a standard unix system you may be SOL. The only thing that might help is a pretty much rootless system, maybe use systrace w/ priv escalation to eliminate the possibility of the other root installing such trojans, but that will be a considerable amount of work. More info on where to start: http://marc.theaimsgroup.com/?l=openbsd-tech&m=104818343225696&w=2
Yes, Dug Song is a superstar security expert.

But even then what if the other root reboots and changes things around. If you need to keep data only to yourself then make sure you are the only root.
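
Added example (not part of the original thread): the openssl command from the post above, extended to a whole directory tree, which is what the original question asked about. The function names encrypt_tree and decrypt_tree, the script layout and the -pbkdf2 option (OpenSSL 1.1.1 or later) are assumptions that do not appear in the post.

```shell
#!/bin/sh
# Added example: tar a directory tree and encrypt the stream with
# "openssl aes-256-cbc -kfile", then reverse it. Names are hypothetical.

# encrypt_tree DIR PASSFILE OUTFILE
encrypt_tree() {
    dir=$1 passfile=$2 outfile=$3
    # umask 077 keeps the ciphertext file private to its owner.
    # Archiving relative to the parent avoids storing absolute paths,
    # and piping avoids writing a plaintext tarball to disk.
    ( umask 077
      tar -C "$(dirname "$dir")" -cf - "$(basename "$dir")" |
        openssl aes-256-cbc -e -pbkdf2 -kfile "$passfile" -out "$outfile" )
}

# decrypt_tree INFILE PASSFILE DESTDIR
decrypt_tree() {
    infile=$1 passfile=$2 dest=$3
    tmp=$(mktemp) || return 1      # mktemp creates the file mode 0600
    # openssl enc does not authenticate the data. A wrong passphrase is
    # normally caught by the padding check, so unpack only after openssl
    # exits cleanly; tar rejects whatever garbage slips past that check.
    if openssl aes-256-cbc -d -pbkdf2 -kfile "$passfile" \
            -in "$infile" -out "$tmp" 2>/dev/null; then
        mkdir -p "$dest" && tar -C "$dest" -xf "$tmp"
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Usage when run as a script: tree.sh enc|dec SRC PASSFILE DST
case "${1:-}" in
    enc) encrypt_tree "$2" "$3" "$4" ;;
    dec) decrypt_tree "$2" "$3" "$4" ;;
esac
```

This protects the tree only while it is stored encrypted; once unpacked, the files are readable by anyone with root, which is the limitation the post goes on to describe.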

frisco
April 1st, 2003, 18:34
"Stegfs bugged me the last time i looked at it b/c there was a possibility of losing data."
I should point out that the last time i looked at Stegfs was around 2 years ago.

frisco
April 1st, 2003, 20:06
Some more thoughts i had on the way home:

- set the immutable flag (man chflags) on appropriate binaries (such as your shell and sshd) to ensure the other root doesn't trojan you. Don't forget to set your securelevel appropriately.

- remove root access from the other user, give user same access via sudo, minus ability to browse your $HOME.

- give both of you systrace'd shells that deny access to the other's $HOME. But then what prevents one from adding a user and granting su and a different shell so as to access your $HOME? Perhaps also immutable flag on /etc/group?

- hack up an interface to mount_portal to encrypt/decrypt files on the fly. This could keep unencrypted files only in memory, so would it be possible for the other user to dump your memory?

Some of these solutions might be really reminiscent of Rube Goldberg, depending on what your final goal is. I'm probably also missing a real simple solution.

soup4you2
April 2nd, 2003, 11:40
i think that creating a nice 10g file through dd then using vnconfig should work fine for me.. the guy is not smart enough to figure out what to do with it.. plus i could just encrypt the file when it's not mounted..

thanks for your help