Subject: Re: is there an sshfs for NetBSD ?
To: None <tech-kern@netbsd.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-kern
Date: 05/13/2003 14:46:22
On Tue, May 13, 2003 at 02:17:49PM -0400, der Mouse wrote:
> >>> How would a cryptographic filesystem have helped any more than
> >>> simply changing the permissions on the binaries so that they were
> >>> executable but not readable?
> >> The kernel will have a key to decrypt binaries that are loaded from
> >> hard disk. so copying the encrypted binaries on another unix box
> >> will not allow them to be used.
> > That doesn't make any sense at all; if you can bypoass the kernel's
> > protection and copy executables that have executable but not read
> > permission, you can bypass the kernel's protection and decrypt and
> > copy the executables.
>
> Only if you have the decryption key - or if the bypass method includes
> the decryption path.
The kernel has only a single domain of protection. If you can bypass its
enforcement of filesystem permissions, you can bypass its control over
the purposes for which executables will be decrypted.