From: Pavel Machek <pavel@ucw.cz>
To: Matt Mackall <mpm@selenic.com>,
linux-kernel <linux-kernel@vger.kernel.org>,
Christophe Saout <christophe@saout.de>,
Clemens Fruhwirth <clemens@endorphin.org>,
dm-crypt@saout.de
Subject: Re: dm-crypt crypt_status reports key?
Date: Thu, 3 Feb 2005 22:53:05 +0100 [thread overview]
Message-ID: <20050203215305.GA1483@elf.ucw.cz> (raw)
In-Reply-To: <20050202235002.GD14097@agk.surrey.redhat.com>
Hi!
> > # dmsetup table /dev/mapper/volume1
> > 0 2000000 crypt aes-plain 0123456789abcdef0123456789abcdef 0 7:0 0
>
> > Obviously, root can in principle recover this password from the
> > running kernel but it seems silly to make it so easy.
>
> There seemed little point obfuscating it - someone will only
> write a trivial utility that recovers it.
>
> The current approach has the advantage of making it
> obvious to you that if you have root access, you have
> access to the password while the encrypted data volumes
> are mounted.
>
> Consider instead *why* you're worried about the password being
> held in RAM and look for better solutions to *your*
> perceived threats.
Actually, this *is* bad. I bet someone is going to post their secret
key to lkml when debugging...
Or I can see conversation like this:
admin: "My devices work too slowly, is there something wrong with
device mapper?"
Pavel walks to his console, says: "Okay, show me your
/dev/mapper/volume1"
admin does that.
For this to be usefull Pavel'd have to remember the key before admin
realizes what he has done, but..... Or imagine pavel shoulder-surfing
admin trying to debug device mapper.
Pavel
--
People were complaining that M$ turns users into beta-testers...
...jr ghea gurz vagb qrirybcref, naq gurl frrz gb yvxr vg gung jnl!
next prev parent reply other threads:[~2005-02-03 22:14 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-02-02 21:19 dm-crypt crypt_status reports key? Matt Mackall
2005-02-02 23:50 ` Alasdair G Kergon
2005-02-03 1:00 ` Matt Mackall
2005-02-03 21:53 ` Pavel Machek [this message]
2005-02-03 1:33 ` Christophe Saout
2005-02-03 1:52 ` Matt Mackall
2005-02-03 2:34 ` Christophe Saout
2005-02-03 4:05 ` Matt Mackall
2005-02-03 13:07 ` Christophe Saout
2005-02-03 14:18 ` Fruhwirth Clemens
2005-02-03 10:15 ` Christopher Warner
2005-02-03 15:17 ` Fruhwirth Clemens
2005-02-03 14:47 ` Andries Brouwer
2005-02-03 15:00 ` Fruhwirth Clemens
2005-02-04 13:27 ` [dm-crypt] " Fruhwirth Clemens
2005-02-04 14:03 ` Christophe Saout
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050203215305.GA1483@elf.ucw.cz \
--to=pavel@ucw.cz \
--cc=christophe@saout.de \
--cc=clemens@endorphin.org \
--cc=dm-crypt@saout.de \
--cc=linux-kernel@vger.kernel.org \
--cc=mpm@selenic.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.