On 2011-10-19 19:59:57, Dustin Kirkland wrote:
> It's crossed my mind more than a few times to deprecate the feature
> entirely...
I disagree.
IMO, we should strive to separate out the complexity of setting up the
auth tok, and inserting it into the keyring, from mount helpers. Keep in
mind that setting up the auth tok could involve a key module making a
key fetch request over the network. This would make the mount helpers
more auditable and reduce the risk when making them setuid root.
ecryptfs-manager is a step in the right direction, but it does
definitely need some love.