From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <wagner@tansi.org>
Received: from tansi.org (ns.km10532-04.keymachine.de [87.118.102.195])
	by mail.saout.de (Postfix) with ESMTP
	for <dm-crypt@saout.de>; Wed,  7 Apr 2010 12:59:02 +0200 (CEST)
Received: from gatewagner.dyndns.org (84-74-164-239.dclient.hispeed.ch
	[84.74.164.239]) by tansi.org (Postfix) with ESMTPA id 0276B212804A
	for <dm-crypt@saout.de>; Wed,  7 Apr 2010 12:59:01 +0200 (CEST)
Date: Wed, 7 Apr 2010 13:01:26 +0200
From: Arno Wagner <arno@wagner.name>
Message-ID: <20100407110126.GA28219@tansi.org>
References: <1270631531.2807.26.camel@desa-compendia-tux>
	<4BBC5662.2040503@redhat.com>
	<1270634743.2807.37.camel@desa-compendia-tux>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1270634743.2807.37.camel@desa-compendia-tux>
Subject: Re: [dm-crypt] Library to do a 'luksOpen' programatically
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
	<mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
	<mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On Wed, Apr 07, 2010 at 12:05:43PM +0200, Miguel ?ngel Garc?a Roig wrote:
> El mi??, 07-04-2010 a las 11:54 +0200, Milan Broz escribi??:
> > On 04/07/2010 11:12 AM, Miguel ??ngel Garc??a Roig wrote:
> > > I'm trying to do a : 
> > > 
> > > # cryptsetup luksOpen /dev/hda2 root
> > > 
> > > using a library call or similar. I am not able to call cryptsetup
> > > directly due to security reasons.
> > 
> > Which security reasons?
> 
> If i make a exec() calling the cryptsetup binary, if a user
> connected to the machine can gain access to root account, he/she
> could see the command, no ?

Indeed. As he/she can see a full memory dump, access the kernel 
space, get the crypto-keys, etc. This is not a problem of using 
the command. It is a problem of a user getting root access. 
 
I think your security analysis is flawed.

> I haven't physical control to the machine, that's the main problem.

Why is that a problem?

> I have only access to the server for installation, and then i have to
> send it to my client. 

Still no reason to not use cryptsetup. The only reason I see
for using the library is convenience or integration, but 
security-wise the library is not better or worse than the 
stand-alone executable.

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier