[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New release of CFS Unix encrypting file system available



Anonymous writes:
> >
> >What happens to hard links?
> >
> >mkdir foo bar
> >CFS_set_directory_key -directory ./foo -key foo-key
> >CFS_set_directory_key -directory ./bar -key bar-key
> >cp /etc/passwd ./foo/test1
> >ln ./foo/footest ./bar/bartest
> >cmp ./foo/footest ./bar/bartest
> 
> This is a serious flaw. The emperor has no clothes. People should
> sue at&t for this shit.

I'm not sure why I'm bothering to respond to this, but I'd hate to
think someone might take the above message seriously and think that
there's some kind of "serious flaw" in CFS demonstrated by this sequence
of (hypothetical, incorrect) commands.  So here goes:

What on earth are you talking about?

As I pointed out in a previous message, that's not how CFS works - you
can't link across encrypted directories.

There may be (and probably are) bugs in or attacks against CFS, but this
isn't one of them.

-matt