Mailing Lists: Apple Mailing Lists


Re: BRU, tape drives and XServe



On 2007-12-12 John C. Welch wrote:
> On 12/12/2007 12:15 PM, "Ansgar -59cobalt- Wiechers" wrote:
>>> There's no "guarantee" with FV. I have yet to see Apple claim that
>>> FV is perfect in that manner.
>> 
>> You missed the point. Without on-the-fly encryption data might leak
>> out of a FileVault due to a power outage (or someone pulling the plug
>> or whatever). The possible data leak would make it more than just a
>> "physical 'don't let people play in your login' issue". On-the-fly
>> encryption, however, takes care of this issue.
> 
> How is it going to be an issue if they don't have access to your
> machine?

If they didn't have access to the machine you wouldn't need any kind of
encryption in the first place.

>>> If you're going to insist that FV cover every possible edge case,
>>> then you may as well not use it until you get whole-disk encryption
>>> on the boot volume for your Mac, because all someone has to do is
>>> save somewhere other than their home directory, and FV is useless.
>> 
>> I'm not insisting on anything. I'm explaining the benefit that
>> justifies on-the-fly encryption despite its performance impact.
> 
> Do you expect FV to encrypt ALL data transfers, regardless of
> location?

FileVault is basically an encrypted filesystem mounted to the user's
$HOME, so I do expect FileVault to encrypt all writes to that
filesystem.

> Because otherwise, you have problems in various temp directories that
> exist outside of the home directory. How do you deal with /tmp and
> others?

Swap is already encrypted, and /tmp can be taken care of by something
like this:

----8<----
dd if=/dev/urandom bs=1000 count=1 | hdiutil create \
  -encryption -stdinpass -ov -size $size -fs HFS+ -mode 1777 \
  /private/temp.img
hdiutil attach /private/temp.img -noautoopen -mountpoint /private/tmp
chmod +t /private/tmp
---->8----

Which other temp directories outside /tmp and $HOME are user-writable? I'm
not aware of any.

Regards
Ansgar Wiechers
-- 
"Another option [for defragmentation] is to back up your important files,
erase the hard disk, then reinstall Mac OS X and your backed up files."
--http://docs.info.apple.com/article.html?artnum=25668
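
The closing question of the message above (which directories outside /tmp and $HOME are user-writable) can be checked on a given machine. The following is an added example, not part of the original message: `ww_dirs` is a hypothetical helper name, and it treats the world-writable mode bit as the indicator of a user-writable directory.

```shell
#!/bin/sh
# Added example (not from the original post): list world-writable
# directories on one volume, skipping paths that are already covered
# by encrypted storage (e.g. the FileVault home and the encrypted /tmp).
#
# usage: ww_dirs ROOT [EXCLUDED_PATH ...]
# e.g.   ww_dirs / /private/tmp /Users     (paths here are assumptions)
#
# Output: one line per directory, "sticky<TAB>path" or "NO-STICKY<TAB>path".
# A world-writable directory without the sticky bit lets any user delete
# or replace other users' files, so it is flagged separately.
ww_dirs() {
    root=$1
    shift
    n=$#
    # Turn each excluded path into a "-path P -prune -o" clause by
    # appending to the positional parameters, then drop the originals.
    for ex in "$@"; do
        set -- "$@" -path "$ex" -prune -o
    done
    shift "$n"
    # -xdev keeps find on the volume that holds ROOT, so other mounted
    # filesystems (such as an attached disk image) are not descended into.
    find "$root" -xdev "$@" -type d -perm -0002 -print 2>/dev/null |
    while IFS= read -r d; do
        if [ -k "$d" ]; then
            printf 'sticky\t%s\n' "$d"
        else
            printf 'NO-STICKY\t%s\n' "$d"
        fi
    done
}
```

Any directory it reports is a location where data can land unencrypted regardless of how $HOME and /tmp are protected.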
Macos-x-server mailing list      (email@hidden)