2005-09-13 14:07:43

by ext3crypt

[permalink] [raw]
Subject: Input Desired -- sorry if this is not the forum.

Hi,

I'm currently working on a kernel modification to extend the EXT3 file
system to include encryption based on file ownership.

This is an experimental graduate project for Penn State that may result in a
proposed patch.

Each user and group has an encryption key and files are encrypted with
the key based on permissions. The issues is what should I do about
"root" access, since root has free access to everything. There are two
goals -- transparency (everything works like it did without encryption but
slower)
and security (for root it conflicts with transparency).

I can maintain free access -- but the overall security is weakened
since an attacker will only need to gain the root encryption key to
authenticate.

I can disallow access to files for root based on the permissions --
which may cause applications to stop working properly, since they may
count on root's special privlages.

I can allow access to files that are encrypted and root does not have
permissions to as ciphertext and the files root does have access to as
plaintext.

Other ideas are welcome.