Subject: Re: is there an sshfs for NetBSD ?
To: Roland Dowdeswell <elric@imrryr.org>
From: Kamal R Prasad <kamalrpr@in.ibm.com>
List: tech-kern
Date: 05/13/2003 10:22:12
------------------------------------------------------------------------------
Kamal R. Prasad
AIX Support & Test, IBM India Software Labs
Golden Enclave, Airport Road, Bangalore-560017, India
Phone : +91-80-5094963, Internal Ext : 2963
On 1052687897 seconds since the Beginning of the UNIX epoch
Bill Studenmund wrote:
>
>A file system would be more for a case where physical security isn't a
>strong issue but protecting one user from another is. cgd is best for a
>case where protecting one user from another isn't a big deal, but
phsyical
>security is.
>It warrants pointing out that an encrypting file system does not
>really protect users from each other on a single host much more
>than chmod 600 does, though. If you can circumvent the kernel then
>you can read the other user's key. The best you get in this case
>from an encrypting file system is temporal protection, i.e. you
>have to compromise the box when the target user is logged in rather
>than at any point in time.
The co. where I used to work -had something different on mind (besides
protecting users from each other's data). They were supplying PCs
*without* custom hardware and lots of code in the user-space. They did not
want someone else to pirate the binaries -but wanted the data on the box
available for general use. so cgd would not have served the purpose, but a
crypto filesystem would have. but IMHO - layering of filesystems is a
costly implementation in terms of performance degradation.
regards
-kamal
--
Roland Dowdeswell http://www.Imrryr.ORG/~elric/