On Tue, Oct 1, 2013 at 9:06 AM, Dolev Farhi dolev@sys-blog.net wrote:

I have a CIFS share that I mount on a CentOS6.4.

Currently I am keeping the password in a regular hidden file, for example /test/.cred with the username and password. the /etc/fstab directive points to that file. for example:

//10.0.0.1/share /mnt cifs defaults,credentials=/test/.cred

Since this file is readable by the root user, I figured if there might be a way to encrypt this file, and with decrypt this file with a script so the mount will succeed, and then encrypt it again. or maybe there is another way of doing this? any ideas?

What kind of root would be able to read your .cred file, and not be able to read your script?

The best way to keep the credentials out of root's hands would be to do the mount yourself, manually, each time. It wouldn't surprise me though if that left the PW in memory somewhere.

Or perhaps use a command-locked ssh key to run the mount command from a remote computer. On that remote computer, use 'expect' to feed the cifs credentials through ssh to the remotely running mount command. Of course it would be trivial for the remote admin to swap your ssh key locked command for a malicious script that captures and posts your credentials to facebook, but at least this prevents STORING them on the remote system. They could also swap out openssh for a trojaned version that logs everything.

If you don't trust root, that is the bigger problem, solve you must first.

There are also pam modules you could run on the cifs server that do non-traditional authentication, for instance using single-use tokens instead of (reusable) passwords. (Or you could change the password after each mount). Perhaps things like kerberos tokens would help as well.