Subject: Re: is there an sshfs for NetBSD ?
To: Roland Dowdeswell <>
From: Kamal R Prasad <>
List: tech-kern
Date: 05/13/2003 10:22:12
Kamal R. Prasad
AIX Support & Test, IBM India Software Labs
Golden Enclave, Airport Road, Bangalore-560017, India
Phone : +91-80-5094963,  Internal Ext   : 2963

On 1052687897 seconds since the Beginning of the UNIX epoch
Bill Studenmund wrote:
>A file system would be more for a case where physical security isn't a
>strong issue but protecting one user from another is. cgd is best for a
>case where protecting one user from another isn't a big deal, but 
>security is.

>It warrants pointing out that an encrypting file system does not
>really protect users from each other on a single host much more
>than chmod 600 does, though.  If you can circumvent the kernel then
>you can read the other user's key.  The best you get in this case
>from an encrypting file system is temporal protection, i.e. you
>have to compromise the box when the target user is logged in rather
>than at any point in time.

The co. where I used to work -had something different on mind (besides 
protecting users from each other's data). They were supplying PCs 
*without* custom hardware and lots of code in the user-space. They did not 
want someone else to pirate the binaries -but wanted the data on the box 
available for general use. so cgd would not have served the purpose, but a 
crypto filesystem would have. but IMHO - layering of filesystems is a 
costly implementation in terms of performance degradation.

    Roland Dowdeswell                      http://www.Imrryr.ORG/~elric/