On Fri, 15 May 2020 at 20:01, Zbigniew Jędrzejewski-Szmek <[email protected]> wrote:
> Oh, man. Once the password is written to a file on a real disk > (/var/...), it should be considered compromised. Using shred or rm makes > no guarantee that the bytes are removed from the device. In particular, > it would be fairly trivial to do something like "grep 'merged config' > /dev/sda" and chances are that this will find the password if it was > written there. > I agree with this. > Writing the password to /run/... is much much better though not ideal. > /run is backed by a tmpfs, and tmpfs contents can be written out to > swap. Chances of this happening and password being retrievable from disk are much smaller than in case of a disk-backed filesystem, but keeping > the password always in mlocked memory would be better. > The server installer does not set up swap and the filesystem is a tmpfs-backed overlay so that risk doesn't really apply here. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1878115 Title: logged luks passwords To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/curtin/+bug/1878115/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
