[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: prevent Linux root from seeing my files

From: Chris Albertson <albertson.chris_at_gmail.com>
Date: Mon, 29 Nov 2010 11:29:39 -0800

Absolutely NOTHING will work if a person has physical access to the
server. You simply have to trust whoever is running the computer
for you. How would you know that he did not swap out the entire
computer? You'd think your data is encrypted but. What if he has
replaced system software or is running a modified copy of SVN
that logs everything. Without physical control of the computer
anyone can re-boot it from a DVD and do what he wants.

So all you can hope for is a "weak lock" that keeps out casual
browsing of the files. For that simply use the normal UNIX file
permissions. Yes it is easy for root to bypass that but if he is
willing to do that then (1) he should be fired on the spot and told
to go home without delay. and (2) If he can do a "chmod" he
can just as easy to a re-boot to a live CD or modify the SVN
\server or whatever.

If the files absolutly must be private then simply buy your own
computer, they are not expensive.

On Mon, Nov 29, 2010 at 10:59 AM, Les Mikesell <lesmikesell_at_gmail.com> wrote:
> On 11/29/2010 11:21 AM, Piotr Kabaciński wrote:
>>>> If you are able to create dedicated partition you could encrypt repo
>>>> like described here:
>>>> http://www.hypersphere.org/personal/svn.shtml
>>> With some pretty important drawbacks, the no diff/conflict resolution
>>> would be
>>> a dealbreaker for me
>> With encryption on filesystem level files in repo are not saved as
>> binary (in terms of svn). Svn with repo works like it works before.
>> Drawback is that OS has to compress and decompress file every time you
>> need to commit/checkout.
>> Diff would be useless if you encrypt every file before commit, and send
>> it as binary, and that is not this situation.
> Yes, but the filesystem as mounted with the encryption key would still be
> visible to root.
> If you can get another IP address, it might work to run a virtual machine on
> the existing hardware under vmware, virtualbox, xen, kvm, etc.  You'd need
> root support to set it up and root on the host would still be able to shut
> down and delete the image, but the virtual machine could have a different
> root password and not be directly accessible to root on the host.  However
> even that would not be completely safe - I think there are some tools that
> let you mount virtual machine disk images into a physical machine.
> --
>   Les Mikesell
>    lesmikesell_at_gmail.com

Chris Albertson
Redondo Beach, California
Received on 2010-11-29 20:30:18 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.