Proposal: Personal Data Encryption (maybe SoC?)
jjpfeifferjr at comcast.net
Wed Mar 21 21:54:36 CET 2007
Andreas Kostyrka writes:
>> At the moment, I'm wandering around the source code for __libc_read() and
>> __libc_write() to see if there's a good way to hijack a program's
>> read() and write() calls, so if they are to a file that's marked as
>> encrypted the data can go through encrypt() on the way....
>Yes, you can in theory do that. E.g. use a LD_PRELOAD library.
>BUT, here come the pitfalls:
>a) you need to keep extreme exact file positions. Or use lseek on
>every read/write to get your place in the file.
Worse, you get a (blocksize) granularity on file position, where
(blocksize) is the block size of the encryption algorithm (and this
assumes a block cipher with the blocks handled independently).
I haven't come across many applications that use mmap for file i/o
(now I'll bet you'll give some critical examples!)
>c) from my experience, stdio.h, C++ streams and unistd.h read/write
>reach a different site for the kernel syscall. That might have changed
>or have been an artifact of LD_PRELOADing into the app.
This doesn't strike me as a biggy...
>So encryptfs sounds way more useful for that usage.
But it has the "encryption jail" drawback.
More information about the community