On Mon, Feb 02, 2015 at 04:42:21PM +0100, Lennart Poettering wrote:
> On Mon, 02.02.15 12:06, Cristian Rodríguez (crrodriguez at opensuse.org)
> wrote:
>
> > Using /dev/urandom as a key is valid for swap, do not
> > warn if this devices are world readable.
> > ---
> > src/cryptsetup/cryptsetup.c | 6 ++++--
> > 1 file changed, 4 insertions(+), 2 deletions(-)
> >
> > diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
> > index e6b37ac..38930ae 100644
> > --- a/src/cryptsetup/cryptsetup.c
> > +++ b/src/cryptsetup/cryptsetup.c
> > @@ -624,8 +624,10 @@ int main(int argc, char *argv[]) {
> >
> > /* Ideally we'd do this on the open fd, but since
> > this is just a
> > * warning it's OK to do this in two steps. */
> > - if (stat(key_file, &st) >= 0 && (st.st_mode &
> > 0005))
> > - log_warning("Key file %s is
> > world-readable. This is not a good idea!", key_file);
> > + if (stat(key_file, &st) >= 0 && (st.st_mode &
> > 0005)) {
> > + if(!STR_IN_SET(key_file, "/dev/urandom",
> > "/dev/random", "/dev/hw_random"))
> > + log_warning("Key file %s is
> > world-readable. This is not a good idea!", key_file);
> > + }
>
> I'd prefer if we'd change the check instead to only apply to
> S_ISREG() files. This way we wouldn't have to list all RNG device
> nodes.
With the exception of /dev/*random, you don't want a world-readable
device used for a key either. Some people have setups that use a USB
device (e.g. /dev/sd* or /dev/disk/by-*/*) as a keyfile, and in that
case, the file should *not* be world-readable.
- Josh Triplett
_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
