What i was thinking that cipe directory will be located in the
encypted filesystem and symlinked to /etc directory, then it will not
expose itself unless you have full access to harddisk. If the key managing
is proper (laptop stolen -> all access denied to internal services ) I
would be more worrying about the information which is lying on
the local harddisk.
On Fri, 17 Jan 2003, Gregory Hosler wrote:
> On 17-Jan-03 Mikko Pasanen wrote:
> > How about encrypting partitions which are containing critical
> > information ? Of course it would be harder to borrow machines, but I think
> > it possible to easily separate "critical" information and regular stuff,
> > and then if the user cannot mount critical stuff they cannot access the
> > network and can login with guest account.
> the password is on the root partition (in /etc/cipe, which by definition
> be in the root partition). if you're gonna encrypt the root partition, and
> lend out the laptop, you need to release the password for the root
> otherwise you might as well not lend out the laptop in the first place.