Proposal: Personal Data Encryption (maybe SoC?)

Wed Mar 21 21:54:36 CET 2007

Andreas Kostyrka writes:
>> At the moment, I'm wandering around the source code for __libc_read() and
>> __libc_write() to see if there's a good way to hijack a program's
>> read() and write() calls, so if they are to a file that's marked as
>> encrypted the data can go through encrypt() on the way....
>Yes, you can in theory do that. E.g. use a LD_PRELOAD library.
>BUT, here come the pitfalls:
>a) you need to keep extremely exact file positions. Or use lseek on
>every read/write to get your place in the file.

Worse, you get a (blocksize) granularity on file position, where
(blocksize) is the block size of the encryption algorithm (and this
assumes a block cipher with the blocks handled independently).

>b) mmap.

I haven't come across many applications that use mmap for file i/o
(now I'll bet you'll give some critical examples!)

>c) from my experience, stdio.h, C++ streams and unistd.h read/write
>reach a different site for the kernel syscall. That might have changed
>or have been an artifact of LD_PRELOADing into the app.

This doesn't strike me as a biggy...

>So encryptfs sounds way more useful for that usage.

But it has the "encryption jail" drawback.
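
The block-granularity point under pitfall a), as an added example that is not part of the original message: a read or write at an arbitrary byte offset has to decrypt, patch and re-encrypt every whole cipher block it touches. The names toy_encrypt, toy_decrypt, enc_rw and the 16-byte BLK are hypothetical, the chained-XOR routine is an insecure stand-in for a real block cipher, and the "file" is an in-memory buffer constructed for the demo.

```c
#include <stdio.h>
#include <string.h>

#define BLK 16 /* block size of the stand-in cipher (assumption) */

/* Stand-in for a real block cipher, NOT secure: each output byte is chained
 * to the previous one, so no byte of a block can be changed in isolation. */
static void toy_encrypt(unsigned char *b, size_t blkno) {
    unsigned char prev = (unsigned char)(0xA5 ^ blkno);
    for (size_t i = 0; i < BLK; i++) { b[i] ^= prev; prev = b[i]; }
}
static void toy_decrypt(unsigned char *b, size_t blkno) {
    unsigned char prev = (unsigned char)(0xA5 ^ blkno);
    for (size_t i = 0; i < BLK; i++) { unsigned char c = b[i]; b[i] ^= prev; prev = c; }
}

/* Plaintext read (wr=0) or write (wr=1) of len bytes at byte offset off in a
 * ciphertext store. Returns the number of whole blocks processed, -1 on error. */
int enc_rw(unsigned char *store, size_t store_len,
           unsigned char *buf, size_t len, size_t off, int wr) {
    if (!len || store_len % BLK || off > store_len || len > store_len - off)
        return -1;
    size_t first = off / BLK, last = (off + len - 1) / BLK;
    for (size_t b = first; b <= last; b++) {
        size_t lo = (b == first) ? off % BLK : 0;
        size_t hi = (b == last) ? (off + len - 1) % BLK + 1 : BLK;
        unsigned char tmp[BLK];
        memcpy(tmp, store + b * BLK, BLK);
        toy_decrypt(tmp, b);                /* whole block, even for 1 byte */
        if (wr) {
            memcpy(tmp + lo, buf, hi - lo); /* patch only the requested bytes */
            toy_encrypt(tmp, b);
            memcpy(store + b * BLK, tmp, BLK);
        } else {
            memcpy(buf, tmp + lo, hi - lo);
        }
        buf += hi - lo;
    }
    return (int)(last - first + 1);
}

int main(void) {
    unsigned char store[2 * BLK] = {0}, msg[] = "HELLO";
    toy_encrypt(store, 0); toy_encrypt(store + BLK, 1); /* constructed sample "file" */
    /* A 5-byte write at offset 14 straddles a boundary: 2 blocks are rewritten. */
    printf("blocks rewritten: %d\n", enc_rw(store, sizeof store, msg, 5, 14, 1));
    return 0;
}
```

An interposed read() or write() would also have to track the current file offset itself (the lseek point above) before it could make a call like this.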

