From: Dirk Heinrichs
Organization: Capgemini Deutschland GmbH
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Cryptfs
Date: Mon, 31 Mar 2008 07:36:52 +0100
Message-Id: <200803310836.58101.dirk.heinrichs.ext@nsn.com>
In-Reply-To: <20080330211304.1e9506aa@loonquawl.digimed.co.uk>

On Sunday, 30 March 2008, ext Neil Bothwick wrote:
> On Sun, 30 Mar 2008 18:50:59 +0200, Dirk Heinrichs wrote:
> > I protect the root fs with a passphrase and all other volumes with a
> > keyfile stored in this fs. No need to mount anything (however, I _do_
> > need an initramfs because of this).
>
> That still means your keys are readable all the time,

By root only, chmod 400 is your friend.

> whereas mine
> disappear long before the network comes up.

So what? If somebody cracks into your box and gains root access, he can't
mount /boot and take the keys? You'll need SELinux to prevent this.

Bye...

Dirk
--
Dirk Heinrichs          | Tel:  +49 (0)162 234 3408
Configuration Manager   | Fax:  +49 (0)211 47068 111
Capgemini Deutschland   | Mail: dirk.heinrichs@capgemini.com
Wanheimerstraße 68      | Web:  http://www.capgemini.com
D-40468 Düsseldorf      | ICQ#: 110037733
GPG Public Key C2E467BB | Keyserver: www.keyserver.net