Re: [dm-crypt] Library to do a 'luksOpen' programatically

[Arno Wagner <arno@wagner.name>]

On Wed, Apr 07, 2010 at 12:05:43PM +0200, Miguel ?ngel Garc?a Roig wrote:
> El mi??, 07-04-2010 a las 11:54 +0200, Milan Broz escribi??:
> > On 04/07/2010 11:12 AM, Miguel ??ngel Garc??a Roig wrote:
> > > I'm trying to do a : 
> > > 
> > > # cryptsetup luksOpen /dev/hda2 root
> > > 
> > > using a library call or similar. I am not able to call cryptsetup
> > > directly due to security reasons.
> > 
> > Which security reasons?
> 
> If i make a exec() calling the cryptsetup binary, if a user
> connected to the machine can gain access to root account, he/she
> could see the command, no ?

Indeed. As he/she can see a full memory dump, access the kernel 
space, get the crypto-keys, etc. This is not a problem of using 
the command. It is a problem of a user getting root access. 
 
I think your security analysis is flawed.

> I haven't physical control to the machine, that's the main problem.

Why is that a problem?

> I have only access to the server for installation, and then i have to
> send it to my client. 

Still no reason to not use cryptsetup. The only reason I see
for using the library is convenience or integration, but 
security-wise the library is not better or worse than the 
stand-alone executable.

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier