On Wed, 13 Feb 2013 18:21:24 -0800 Aaron U <sdct...@hotmail.com> wrote:
| I really like the idea of using EncFS, however, one of the problems that I can see (and this may be a problem for me with FUSE altogether) is that so far in my tests any other session that is created in the name of the mounting user can also access the mount regardless of whether or not they have the password to decrypt.
|
| Take the following scenario:
| User A logs in and mounts their private EncFS share
| User B logs in and assumes root and then su's into user A
| User B now has full access to User A's encrypted mounts without knowing their user password or their encryption password
| Do you know if there is any way to mitigate this scenario with EncFS?
| If possible, it would be great to make it so that the EncFS mount is only available within the session that did the original mounting. So even if I were to log in with User A's password, the mount would appear inaccessible.
| If not, are there any other suggestions out there?
|
Note that root always generally can get access to anything that is on a machine, while it is decrypted. That is not something you can prevent. So while the encfs is decrypted root has access probably even without becoming the original user.

The way to prevent this is only mount the encfs on a personal machine only you have access to. The network and remote sides always remain encrypted, so only the local user has access.

If that is not possible, you may be able to run a virtual machine (VMplayer). That should make it very difficult for root to see anything as he is not running the console. As such only the user's display has access. How secure this is I am not certain about. But it should be much harder for a local admin to access the encfs mounted partition as the mount is in the virtual environment and not on the main (multi-user) system.

Anthony Thyssen ( System Programmer ) <a.thys...@griffith.edu.au>
--------------------------------------------------------------------------
Remember remember the 5th of November, the gun powder treason and plot.
I know of no reason why the gun powder treason should ever be forgot.
--------------------------------------------------------------------------
Anthony's Castle http://www.ict.griffith.edu.au/anthony/

_______________________________________________
Encfs-users mailing list
Encfs-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/encfs-users
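Added example (not part of the original thread): a simplified Python model of the access check FUSE applies to a mount, showing why the scenario in the question behaves as described: access is tied to the mounting uid, not to the login session or the EncFS password. The mount table, paths and uids are constructed, the `fuse.encfs` line format is assumed from a typical Linux `/proc/mounts`, and the model ignores the gid comparison and the other routes root has to decrypted data that the reply mentions.

```python
from typing import NamedTuple

# Constructed sample in /proc/mounts format (paths and uids are made up).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
encfs /home/usera/private fuse.encfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000 0 0
encfs /srv/shared fuse.encfs rw,nosuid,nodev,relatime,user_id=1001,group_id=1001,default_permissions,allow_other 0 0
"""

class EncfsMount(NamedTuple):
    mountpoint: str
    owner_uid: int      # uid that ran encfs (user_id= mount option)
    allow_other: bool   # mount opened up to every local uid

def parse_encfs_mounts(text):
    """Return the fuse.encfs entries found in /proc/mounts-style text."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] != "fuse.encfs":
            continue
        opts = fields[3].split(",")
        uid = next((int(o.split("=", 1)[1]) for o in opts
                    if o.startswith("user_id=")), None)
        if uid is not None:
            mounts.append(EncfsMount(fields[1], uid, "allow_other" in opts))
    return mounts

def fuse_admits(mount, caller_uid):
    """Simplified check: the caller's uid must equal the mounting uid unless
    allow_other is set. Session and passwords are never consulted."""
    return mount.allow_other or caller_uid == mount.owner_uid

def exposure(mount, other_uid=2000):
    """Who reaches the decrypted view while the mount is up (other_uid is a
    hypothetical unrelated account)."""
    return {
        "owner, any session": fuse_admits(mount, mount.owner_uid),
        "root as uid 0": fuse_admits(mount, 0),
        "root after su to owner": fuse_admits(mount, mount.owner_uid),
        "unrelated user": fuse_admits(mount, other_uid),
    }

if __name__ == "__main__":
    for m in parse_encfs_mounts(SAMPLE_MOUNTS):
        print(m.mountpoint, exposure(m))
```

On a live system the same report can be produced by passing the contents of `/proc/mounts` to `parse_encfs_mounts`; any mount it lists is readable by every process running under the owning uid until it is unmounted.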