Harddisk Encryption

Anderson Lizardo anderson.lizardo at gmail.com
Sun Nov 26 15:34:33 GMT 2006


On 11/26/06, Jeremy Schoenhaar <jeremy at fam-schoenhaar.de> wrote:
> I overlooked that part about the root partition. As sensitive data does
> NOT belong on / that would be a waste of energy in my opinion. /home,
> SWAP, /tmp, and other partitions on the other hand would be a big +

Also don't forget about /var/mail/, /var/spool/cups (in case you have
some sensitive document waiting for printing), /var/log/ (if e.g. you
allow sudo to log all commands run with sudo), /etc/ (Postfix SASL
passwords, /etc/shadow) etc.

My point is: in practice, you have no (easy) way to guarantee that any
program will not write sensitive data to an unencrypted partition. If
that happens, even for a short time, sensitive data will be left on
the hard-disk ("rm" does not physically remove file contents from the
disk, just its entry from the directory) and can be recovered by
grepping /dev/hd* or by using debugfs.

My suggestion would be to provide the two options (encrypt entire
disk, except for /boot; and encrypt only user-defined partitions), and
warn the user about the issues of encrypting only some partitions
(less secure) or the entire disk (performance).

I've been using an entirely encrypted harddisk on my laptop (except
for /boot, so GRUB can read the kernel images and menu.lst) for many
months now, and what I can say is that it's still very responsive.

Just my $0.02. Regards,
-- 
Anderson Lizardo
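One way to audit the point made in the message above (that with only some partitions encrypted, sensitive paths can silently end up on plaintext storage), as an added example that is not part of this thread or of any Ubuntu tool: resolve each sensitive path to the mount point that actually holds it and flag any whose backing device is not a dm-crypt mapping. The /proc/mounts and /proc/swaps tables and the set of encrypted mapper devices below are constructed samples; on a real system you would read the two proc files and take the device list from `dmsetup table`.

```python
"""Report sensitive paths that land on unencrypted storage.

Added example, not from the original thread. Inputs are constructed
samples in /proc/mounts and /proc/swaps format plus a constructed set of
dm-crypt backed devices; swap is checked separately because it never
appears in /proc/mounts.
"""
from __future__ import annotations

import posixpath

# Paths the discussion names as likely to hold sensitive data.
SENSITIVE_PATHS = [
    "/home", "/tmp", "/var/mail", "/var/spool/cups", "/var/log", "/etc",
]

# Constructed /proc/mounts sample: only /home and /tmp sit on dm-crypt devices.
SAMPLE_MOUNTS = """\
/dev/sda1 /boot ext3 rw 0 0
/dev/sda2 / ext3 rw 0 0
/dev/mapper/home_crypt /home ext3 rw 0 0
/dev/mapper/tmp_crypt /tmp ext3 rw 0 0
/dev/sda5 /var ext3 rw 0 0
tmpfs /dev/shm tmpfs rw 0 0
proc /proc proc rw 0 0
"""

# Constructed /proc/swaps sample: a plain swap partition.
SAMPLE_SWAPS = """\
Filename\t\t\t\tType\t\tSize\tUsed\tPriority
/dev/sda3                               partition\t1048572\t0\t-1
"""

# Constructed: devices known to be dm-crypt targets (e.g. from `dmsetup table`).
SAMPLE_ENCRYPTED_DEVICES = {"/dev/mapper/home_crypt", "/dev/mapper/tmp_crypt"}


def parse_mounts(text: str) -> dict[str, str]:
    """Return {mountpoint: device} from /proc/mounts-formatted text."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        device, mountpoint = fields[0], fields[1]
        # /proc/mounts escapes spaces in paths as \040; undo that.
        mounts[mountpoint.replace("\\040", " ")] = device
    return mounts


def mount_for(path: str, mounts: dict[str, str]) -> str:
    """Longest-prefix match: the mount point that actually holds `path`."""
    path = posixpath.normpath(path)
    best = "/"
    for mp in mounts:
        if mp == "/":
            continue
        if (path == mp or path.startswith(mp.rstrip("/") + "/")) and len(mp) > len(best):
            best = mp
    return best


def unencrypted_sensitive_paths(
    mounts_text: str, encrypted_devices: set[str], paths=SENSITIVE_PATHS
) -> dict[str, str]:
    """Map each sensitive path on plaintext storage to the mount point holding it."""
    mounts = parse_mounts(mounts_text)
    exposed = {}
    for p in paths:
        mp = mount_for(p, mounts)
        if mounts.get(mp) not in encrypted_devices:
            exposed[p] = mp
    return exposed


def unencrypted_swaps(swaps_text: str, encrypted_devices: set[str]) -> list[str]:
    """List active swap devices (from /proc/swaps text) that are not dm-crypt backed."""
    devices = []
    for line in swaps_text.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if fields and fields[0] not in encrypted_devices:
            devices.append(fields[0])
    return devices


if __name__ == "__main__":
    for path, mp in unencrypted_sensitive_paths(SAMPLE_MOUNTS, SAMPLE_ENCRYPTED_DEVICES).items():
        print(f"{path}: mounted at {mp} on plaintext storage")
    for dev in unencrypted_swaps(SAMPLE_SWAPS, SAMPLE_ENCRYPTED_DEVICES):
        print(f"swap {dev}: plaintext")
```

With the sample layout, /home and /tmp pass but /var/mail, /var/spool/cups and /var/log all resolve to the plaintext /var partition, /etc resolves to /, and the swap partition is plaintext as well, which is exactly the exposure the message describes for a "just encrypt /home" setup.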
