[ltp] Re: Suspend with crypted swap?
Stefan Monnier
linux-thinkpad@linux-thinkpad.org
Fri, 07 Sep 2007 17:00:20 -0400
> ... because none of the information in / is really a secret, except the
> aforementioned partitions. There is of course stuff like /etc/shadow and
> /etc/wpa_supplicant.conf (but it can be moved to an encrypted partition),
> but other than that, what is in cleartext in / that is NOT located on the
> partitions above?
Actually /var may also contain sensitive info in /var/tmp and maybe a few
other places. I guess if you said that /usr doesn't need to be encrypted
everybody would agree. By pushing it up to / you end up having to be a lot
more careful (e.g. if you move /etc/shadow to an encrypted partition and
replace it with a symlink, you have to be extra careful that it doesn't get
moved back to the non-encrypted one by a simple "move©").
Stefan