Re: New release of CFS Unix encrypting file system available
In article <199510271954.PAA20647@universe.digex.net> Scott Brickner <sjb@universe.digex.net> wrote:
Matt Blaze writes:
CFS pushes encryption services into the Unix(tm) file system. It supports secure storage at the system level through a standard Unix file system interface to encrypted files. Users associate a cryptographic key with the directories they wish to protect. Files in these directories (as well as their pathname components) are transparently encrypted and decrypted with the specified key without further user intervention; cleartext is never stored on a disk or sent to a remote file server. CFS employs a novel combination of DES stream and codebook cipher modes to provide high security with good performance on a modern workstation. CFS can use any available file system for its underlying storage without modification, including remote file servers such as NFS. System management functions, such as file backup, work in a normal manner and without knowledge of the key.
What happens to hard links?
    mkdir foo bar
    CFS_set_directory_key -directory ./foo -key foo-key
    CFS_set_directory_key -directory ./bar -key bar-key
    cp /etc/passwd ./foo/test1
    ln ./foo/footest ./bar/bartest
    cmp ./foo/footest ./bar/bartest
This is a serious flaw. The emperor has no clothes. People should sue at&t for this shit.
Anonymous User <nobody@c2.org> writes:
This is a serious flaw. The emperor has no clothes. People should sue at&t for this shit.
This is one of those times that I don't see much use for anonymity...
--
` . . . I'm a sysadmin, with an admitted preference for things I can reboot over things I have to negotiate with . . . '
Mike Shaver (shaver@neon.ingenia.com)
Anonymous writes:
What happens to hard links?
    mkdir foo bar
    CFS_set_directory_key -directory ./foo -key foo-key
    CFS_set_directory_key -directory ./bar -key bar-key
    cp /etc/passwd ./foo/test1
    ln ./foo/footest ./bar/bartest
    cmp ./foo/footest ./bar/bartest
This is a serious flaw. The emperor has no clothes. People should sue at&t for this shit.
I'm not sure why I'm bothering to respond to this, but I'd hate to think someone might take the above message seriously and think that there's some kind of "serious flaw" in CFS demonstrated by this sequence of (hypothetical, incorrect) commands. So here goes:
What on earth are you talking about? As I pointed out in a previous message, that's not how CFS works - you can't link across encrypted directories.
There may be (and probably are) bugs in or attacks against CFS, but this isn't one of them.
-matt
Matt Blaze enscribed thusly:
Anonymous writes:
What happens to hard links?
    mkdir foo bar
    CFS_set_directory_key -directory ./foo -key foo-key
    CFS_set_directory_key -directory ./bar -key bar-key
    cp /etc/passwd ./foo/test1
    ln ./foo/footest ./bar/bartest
    cmp ./foo/footest ./bar/bartest
This is a serious flaw. The emperor has no clothes. People should sue at&t for this shit.
"Sue AT&T..." For free, unsupported software? In a remark from a coward hiding behind an anonymous remailer. For a problem that is all in his own mind! Give Me A Break!
I'm not sure why I'm bothering to respond to this, but I'd hate to think someone might take the above message seriously and think that there's some kind of "serious flaw" in CFS demonstrated by this sequence of (hypothetical, incorrect) commands. So here goes:
Matt, you're responding to an anonymous twit spouting ignorant ravings because if you didn't, some others would think this guy had something significant to say. It's a sad state of affairs when someone creates a great package like CFS and then has to deal with an annoyance like this.
What on earth are you talking about?
You think he knows? You give him a lot more credit than I would!
As I pointed out in a previous message, that's not how CFS works - you can't link across encrypted directories.
There may be (and probably are) bugs in or attacks against CFS, but this isn't one of them.
To quote one of Garry Trudeau's characters from "Doonesbury" - "Look! The clothes have no Emperor!"
-matt
Mike
--
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
participants (4)
- Anonymous User
- Matt Blaze
- Michael H. Warfield
- scs@lokkur.dexter.mi.us