cryptsetup: warn if keyfiles are world-readable
parent
8973790ee6
commit
5f1dac6bf6
6
TODO
6
TODO
|
@ -158,8 +158,6 @@ Features:
|
||||||
|
|
||||||
* use "log level" rather than "log priority" everywhere
|
* use "log level" rather than "log priority" everywhere
|
||||||
|
|
||||||
* ensure sd_journal_seek_monotonic actually works properly.
|
|
||||||
|
|
||||||
* timedate: have global on/off switches for auto-time (NTP), and auto-timezone that connman can subscribe to.
|
* timedate: have global on/off switches for auto-time (NTP), and auto-timezone that connman can subscribe to.
|
||||||
|
|
||||||
* Honour "-" prefix for InaccessibleDirectories= and ReadOnlyDirectories= to
|
* Honour "-" prefix for InaccessibleDirectories= and ReadOnlyDirectories= to
|
||||||
|
@ -366,10 +364,10 @@ Features:
|
||||||
- nspawn: make it work for dwalsh and shared /usr containers -- tmpfs mounts as command line parameters, selinux exec context
|
- nspawn: make it work for dwalsh and shared /usr containers -- tmpfs mounts as command line parameters, selinux exec context
|
||||||
|
|
||||||
* cryptsetup:
|
* cryptsetup:
|
||||||
- cryptsetup-generator: warn if the password files are world-readable
|
|
||||||
- cryptsetup-generator: allow specification of passwords in crypttab itself
|
- cryptsetup-generator: allow specification of passwords in crypttab itself
|
||||||
- move cryptsetup key caching into kernel keyctl?
|
- move cryptsetup key caching into kernel keyctl?
|
||||||
https://bugs.freedesktop.org/show_bug.cgi?id=54982
|
https://bugs.freedesktop.org/show_bug.cgi?id=54982
|
||||||
|
- support rd.luks.allow-discards= kernel cmdline params in cryptsetup generator
|
||||||
|
|
||||||
* move debug shell to tty6 and make sure this doesn't break the gettys on tty6
|
* move debug shell to tty6 and make sure this doesn't break the gettys on tty6
|
||||||
|
|
||||||
|
@ -440,8 +438,6 @@ Features:
|
||||||
|
|
||||||
* change Requires=basic.target to RequisiteOverride=basic.target
|
* change Requires=basic.target to RequisiteOverride=basic.target
|
||||||
|
|
||||||
* support rd.luks.allow-discards= kernel cmdline params in cryptsetup generator
|
|
||||||
|
|
||||||
* when breaking cycles drop sysv services first, then services from /run, then from /etc, then from /usr
|
* when breaking cycles drop sysv services first, then services from /run, then from /etc, then from /usr
|
||||||
|
|
||||||
* move passno parsing to fstab generator
|
* move passno parsing to fstab generator
|
||||||
|
|
|
@ -497,15 +497,25 @@ int main(int argc, char *argv[]) {
|
||||||
crypt_get_volume_key_size(cd)*8,
|
crypt_get_volume_key_size(cd)*8,
|
||||||
argv[3]);
|
argv[3]);
|
||||||
|
|
||||||
if (key_file)
|
if (key_file) {
|
||||||
k = crypt_activate_by_keyfile_offset(cd, argv[2], CRYPT_ANY_SLOT, key_file, opt_keyfile_size,
|
struct stat st;
|
||||||
|
|
||||||
|
/* Ideally we'd do this on the open
|
||||||
|
* fd, but since this is just a
|
||||||
|
* warning it's OK to do this in two
|
||||||
|
* steps */
|
||||||
|
if (stat(key_file, &st) >= 0 && (st.st_mode & 0005))
|
||||||
|
log_warning("Key file %s is world-readable. That's certainly not a good idea.", key_file);
|
||||||
|
|
||||||
|
k = crypt_activate_by_keyfile_offset(
|
||||||
|
cd, argv[2], CRYPT_ANY_SLOT, key_file, opt_keyfile_size,
|
||||||
opt_keyfile_offset, flags);
|
opt_keyfile_offset, flags);
|
||||||
if (k < 0) {
|
if (k < 0) {
|
||||||
log_error("Failed to activate with key file '%s': %s", key_file, strerror(-k));
|
log_error("Failed to activate with key file '%s': %s", key_file, strerror(-k));
|
||||||
key_file = NULL;
|
key_file = NULL;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
else {
|
} else {
|
||||||
char **p;
|
char **p;
|
||||||
|
|
||||||
STRV_FOREACH(p, passwords) {
|
STRV_FOREACH(p, passwords) {
|
||||||
|
|
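Review bot: The permission test `(st.st_mode & 0005)` in the new `if (key_file)` branch matches the other-execute bit as well as the other-read bit, and it is applied to whatever `key_file` names rather than only to regular files. A key source that is a device node with open permissions (for example a random device used for a swap volume), or a file that is only o+x, would therefore be reported as "world-readable" although no secret is exposed, and a warning that fires routinely tends to be ignored when it does matter. Narrowing the condition keeps it meaningful: `if (stat(key_file, &st) >= 0 && S_ISREG(st.st_mode) && (st.st_mode & S_IROTH))`. Group-readable key files (mode bit 0040) are not flagged at all; if that is deliberate, a short comment next to the check saying so would help the next reader. main() begins and ends outside this hunk, so whether `<sys/stat.h>` is already included cannot be confirmed from here.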