On Thu, 11.04.13 13:08, har...@redhat.com (har...@redhat.com) wrote:
> From: Harald Hoyer <har...@redhat.com>
>
> If the key file cannot be accessed, we can at least ask for the
> password.
I like the general idea, but not the patch.
This code is racy. We shouldn't even start with things like this. We
should try to open the file, and if that fails fallback to a prompt, but
not in two steps wher we check first, and open then. The race might not
result in any security issues in the general case, but it's still
dirty. And we try to avoid dirty in systemd.
> + /* We can't access the key_file, so ask for the
> password */
> + if (access(key_file, R_OK)) {
> + log_error("Can't access key file '%s': %m",
> key_file);
> + key_file = NULL;
> + }
> +
Lennart
--
Lennart Poettering - Red Hat, Inc.
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
