Jan Hudec wrote:
> > For FUSE, what's needed is that a user can mount something, and the
> > mounted fs is visible only to that user, but it's visible to _all_ of
> > the user's processes.
> 
> Including root's su to that user...
> Keeping information in a process group is the *only* way to actually
> lock out root.

If root is _intending_ to view the user's data, it will succeed.

Keeping them in a process group won't prevent that: root can look at
the data accessible by any process (via ptrace or /dev/mem).

The problem most clearly illustrating the need for private user data
is sshfs, or anything which mounts over ssl/tls.

> That is, except some kind of keyring in kernel.

For secure user data, as in sshfs, that's the only real solution: a
keyring in kernel which cannot be accessed simply by calling su, and
which must be accessed to gain access to the mounted directory.

Which is no different from securing user data when scp+ssh-agent is used.

-- Jamie
-
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html