Man Linux: Main Page and Category List

NAME

       cattach - attach encrypted directory to CFS

SYNOPSIS

       cattach [ -l ] [ -- ] [ -t minutes] [ -i minutes] directory name

DESCRIPTION

       cattach  associates  the  encrypted  directory (previously created with
       cmkdir(1)) with the specified name.  cattach prompts for a  passphrase,
       which  is  used  to  generate cryptographic keys sent to the cfs daemon
       cfsd(8) and used to transparently encrypt  and  decrypt  the  files  as
       needed.   If  the  correct passphrase is given (as verified by a known-
       plaintext  hash  file  in  the  encrypted  directory),  the  user   may
       thereafter  access  the  cleartext  of the files in a virtual directory
       called name under the CFS mount point (usually /crypt).  Otherwise,  no
       virtual   directory  is  created.   The  underlying  directory  may  be
       specified either as  an  absolute  path  or  relative  to  the  current
       directory.

       If  no  name is specified, the last path component of directory is used
       as a default.

       If the -l ("lower  security  mode")  option  is  given,  newly  created
       identical  files will encrypt to identical ciphertexts.  Otherwise, the
       creation time plus the original inode number of the encrypted  file  is
       used  to  perturb each file, frustrating certain cryptanalytic attacks.
       Under highly concurrent operation with multiple instances of  the  same
       encrypted  directory,  however,  lower security mode may be required to
       avoid some race  conditions.   This  mode  also  makes  recovery  (from
       backups) of individual encrypted files a bit simpler.

       Note  that attached virtual directories may be used only by users whose
       UID is the same as the issuer of the cattach command.

       Ordinarily, the names of all  currently  attached  directories  can  be
       obtained  by listing the contents of /crypt (e.g., with ls(1)).  If the
       specified name begins with a ’.’ (dot), however, cfsd will not  include
       the  name  in  directory listings.  By using a hard-to-guess name, this
       mechanism can be used to provide some protection against attackers  who
       can spoof the UID on the client machine.  See the ssh(1) command for an
       example of this usage.

       The -t option causes the attach to  automatically  go  away  after  the
       specified  number of minutes.  The -i option deletes the attach after a
       specified number of minutes of inactivity.  Note that these options, if
       used,  should be chosen with some care; too short timeouts may actually
       increase the risk of compromise of frequently re-typed passphrases.

       cattach will normally attempt to  read  the  passphrase  from  the  tty
       device  (/dev/tty) and will not echo.  The -- options forces cattach to
       read from stdin.

       Virtual directories should be removed with the cdetach(1) command  when
       no longer in use.

EXAMPLES

       cattach /u/mab/secrets mab
              associates   encrypted   directory   "/u/mab/secrets"  with  the
              cleartext name "mab".  Creates virtual directory "/crypt/mab".

       cattach /u/mab/secrets .123xyzzy
              associates  encrypted  directory   "/u/mab/secrets"   with   the
              cleartext  name ".123xyzzy".  The cleartext name will not appear
              in a listing of /crypt.

       cattach -l secrets mab
              associates the encrypted  directory  "secrets"  in  the  current
              directory  with  the cleartext name "mab".  Identical files will
              encrypt to the same ciphertext.

FILES

       /crypt/*
              currently attached cleartext instances

SEE ALSO

       cfsd(8), cdetach(1), cmkdir(1), ssh(1)

BUGS

       Really, really slow machines can time out on the  RPC  before  cfsd  is
       finished  processing the attach command, especially when 3-DES is used.
       Such machines should probably be considered too slow to be  running  an
       encrypted file system anyway.

       You  can’t  attach  an  already  encrypted  directory, lest the single-
       threaded cfsd find itself in a deadlock.

       There really should be a better security  mechanism  than  the  UID  to
       protect  against  spoofing  currently  attached directories.  The .name
       hack is an ugly kludge.  In particular, it would  be  better  to  limit
       access to the process group of the user who issued the cattach command.
       Unfortunately, that information is not passed to cfsd.

       The timeout isn’t perfect, and may occur a minute  or  two  later  than
       expected.

AUTHOR

       Matt Blaze; for information on cfs, email to cfs@research.att.com.