On Mon, Feb 02, 2015 at 04:42:21PM +0100, Lennart Poettering wrote: > On Mon, 02.02.15 12:06, Cristian Rodríguez (crrodriguez at opensuse.org) > wrote: > > > Using /dev/urandom as a key is valid for swap, do not > > warn if this devices are world readable. > > --- > > src/cryptsetup/cryptsetup.c | 6 ++++-- > > 1 file changed, 4 insertions(+), 2 deletions(-) > > > > diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c > > index e6b37ac..38930ae 100644 > > --- a/src/cryptsetup/cryptsetup.c > > +++ b/src/cryptsetup/cryptsetup.c > > @@ -624,8 +624,10 @@ int main(int argc, char *argv[]) { > > > > /* Ideally we'd do this on the open fd, but since > > this is just a > > * warning it's OK to do this in two steps. */ > > - if (stat(key_file, &st) >= 0 && (st.st_mode & > > 0005)) > > - log_warning("Key file %s is > > world-readable. This is not a good idea!", key_file); > > + if (stat(key_file, &st) >= 0 && (st.st_mode & > > 0005)) { > > + if(!STR_IN_SET(key_file, "/dev/urandom", > > "/dev/random", "/dev/hw_random")) > > + log_warning("Key file %s is > > world-readable. This is not a good idea!", key_file); > > + } > > I'd prefer if we'd change the check instead to only apply to > S_ISREG() files. This way we wouldn't have to list all RNG device > nodes.
With the exception of /dev/*random, you don't want a world-readable device used for a key either. Some people have setups that use a USB device (e.g. /dev/sd* or /dev/disk/by-*/*) as a keyfile, and in that case, the file should *not* be world-readable.

- Josh Triplett
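Review bot: In the added lines the exemption is decided by comparing the key_file string with STR_IN_SET, so only those three exact spellings are exempt and any other path that names the same node still gets the warning; since st is already filled in by the stat() call in the outer condition, consider deciding from st instead of from the name. The nested if can also be folded into the outer condition with &&, and `if(!STR_IN_SET` lacks the space after `if` that the outer `if (stat(` has. Separately, the 0005 mask carried over from the removed line tests the other-execute bit as well as other-read, while the message speaks only of world-readable.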
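The check discussed in this thread, as an added example that is not code from systemd or from any participant: it warns for any world-readable key source, including block devices, and exempts only character devices whose device number matches one of the RNG nodes named in the patch. The helper names are hypothetical, and it tests S_IROTH where the quoted patch masks 0005.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/stat.h>

/* RNG nodes named in the quoted patch. */
static const char *const rng_nodes[] = { "/dev/urandom", "/dev/random", "/dev/hw_random" };
#define N_RNG (sizeof(rng_nodes) / sizeof(rng_nodes[0]))

/* Pure decision (hypothetical helper): should a key source with this stat
 * result trigger the world-readable warning? refs[] holds the stat results
 * of the RNG nodes that exist on this system. */
static bool key_needs_warning(const struct stat *st,
                              const struct stat *refs, size_t n_refs) {
        if (!(st->st_mode & S_IROTH))
                return false;           /* not readable by "other" */

        if (S_ISCHR(st->st_mode))
                for (size_t i = 0; i < n_refs; i++)
                        if (S_ISCHR(refs[i].st_mode) && refs[i].st_rdev == st->st_rdev)
                                return false;   /* same device as an RNG node */

        /* Regular files, block devices (e.g. a USB stick used as key) and
         * every other world-readable node still warn. */
        return true;
}

/* Wrapper (hypothetical): stat the key file and the RNG nodes, then decide.
 * stat() follows symlinks, so an alias of /dev/urandom is exempt as well. */
static bool key_file_needs_warning(const char *key_file) {
        struct stat st, refs[N_RNG];
        size_t n = 0;

        if (stat(key_file, &st) < 0)
                return false;           /* cannot inspect it, nothing to report */

        for (size_t i = 0; i < N_RNG; i++)
                if (stat(rng_nodes[i], &refs[n]) >= 0)
                        n++;

        return key_needs_warning(&st, refs, n);
}

int main(int argc, char *argv[]) {
        const char *path = argc > 1 ? argv[1] : "/dev/urandom";
        printf("%s: %s\n", path, key_file_needs_warning(path) ? "warn" : "ok");
        return 0;
}
```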