On Tue, 30.04.13 15:28, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) wrote:
> > On Tue, Apr 30, 2013 at 04:36:11AM -0700, Lennart Poettering wrote: > > commit 5f1dac6bf605871615b35891a3966fa474db5b20 > > Author: Lennart Poettering <lenn...@poettering.net> > > Date: Mon Apr 29 19:57:29 2013 -0300 > > > > cryptsetup: warn if keyfiles are world-readable > Hi, > > this part is understandable... > > > commit 8973790ee6f62132b1b57de15c4edaef2c097004 > > Author: Lennart Poettering <lenn...@poettering.net> > > Date: Mon Apr 29 19:48:03 2013 -0300 > > > > cryptsetup: warn if /etc/crypttab is world-readable > ...but this one not. Majority of crypttabs out there contain stuff > like 'part_crypt /dev/part none luks' and the content can be inferred > from 'ls -l /dev/mapper' and distribution defaults. Passwords cannot > be stored in /etc/crypttab... No need to force people to hide > crypttab for no good reason. Hmm, yeah, I guess this was a bit premature. It was my plan though to readd support for specifying passwords in crypttab itself too. (This used to be available in many distros, and I think it's actually useful...). Anyway, for now I have downgraded the warning to debug again. Lennart -- Lennart Poettering - Red Hat, Inc. _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
