Re: About partition scheme.
Re: About partition scheme.
- Subject: Re: About partition scheme.
- From: Flost Li <email@hidden>
- Date: Mon, 09 Jul 2012 23:08:06 +0800
Indeed, we could not protecting some body to format the system disk whos have the root privileges,
But, there is less people has the privileges to do "kextunload" than has the privileges to executing "dd if=/dev/zero of=/dev/disk2s2". isnt it?
2012/7/9 Phil Jordan
<email@hidden>
On Mon, Jul 9, 2012 at 5:05 AM, Flost Li <
email@hidden> wrote:
> [Flost]: consider that if i would like to use disk2s2 to do some encrypt
> read/write. In your example, if the client operate with disk3, than you
> could encrypt/decrypt the data read/written, but if some read/write through
> disk2s2, it could only get the raw data,
> Isn't it?
> What I'd like to do is that I should make sure that people could not
> read/write through disk2s2, than no one could read the raw data.
Anyone with root privileges can just unload your kext, removing any
"protection" it offers, or load another kext that grabs disk2s2 inside
the kernel. There's no way to stop this. Anyway, if your crypto is any
good, access to the ciphertext isn't a problem. If it is a problem,
why bother with crypto? Anyway, FileVault2/CoreStorage already
implements all of this. How it works is explained in a WWDC2012 talk:
Session 709, "What's new in the filesystem." I suggest you look at
that.
phil
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden