From: Matt Mackall <mpm@selenic.com>
To: Christophe Saout <christophe@saout.de>
Cc: linux-kernel <linux-kernel@vger.kernel.org>,
Clemens Fruhwirth <clemens@endorphin.org>,
dm-crypt@saout.de, Alasdair G Kergon <agk@redhat.com>
Subject: Re: dm-crypt crypt_status reports key?
Date: Wed, 2 Feb 2005 17:52:36 -0800 [thread overview]
Message-ID: <20050203015236.GO2493@waste.org> (raw)
In-Reply-To: <1107394381.10497.16.camel@server.cs.pocnet.net>
On Thu, Feb 03, 2005 at 02:33:01AM +0100, Christophe Saout wrote:
> Am Mittwoch, den 02.02.2005, 13:19 -0800 schrieb Matt Mackall:
>
> > From looking at the dm_crypt code, it appears that it can be
> > interrogated to report the current key. Some quick testing shows:
> >
> > # dmsetup table /dev/mapper/volume1
> > 0 2000000 crypt aes-plain 0123456789abcdef0123456789abcdef 0 7:0 0
> >
> > Obviously, root can in principle recover this password from the
> > running kernel but it seems silly to make it so easy.
>
> I already tried that. It took me about five minutes using a shell, dd
> and hexdump to get the key out of the running kernel...
Indeed.
> Yes, the reason is that the device-mapper supports on-the-fly
> modifications of the device. cryptsetup has a command to resize the
> mapping for example. It can do that without asking for the password
> again. Features like this are the reason I'm doing this. Userspace tools
> should be able to assume that they can use the result of a table status
> command to create a new table with this information.
Hmm, interesting. A password per resize is not terribly onerous though.
> An alternativ would be to use some form of handle to point to the key
> after it has been given to the kernel. But that would require some more
> infrastructure.
There's been some talk about such infrastructure already. I believe
some pieces of it may already be in place.
> BTW: The setkey command also seems to return the keys in use for IPSEC
> connections.
While possibly suboptimal, this won't surprise anyone. But dmsetup has
no mention of security in its manpage and doesn't show keys in typical
LVM usage. So people might reasonably assume that data from dmsetup
tables is not secret.
--
Mathematics is the supreme nostalgia of our time.
next prev parent reply other threads:[~2005-02-03 1:58 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-02-02 21:19 dm-crypt crypt_status reports key? Matt Mackall
2005-02-02 23:50 ` Alasdair G Kergon
2005-02-03 1:00 ` Matt Mackall
2005-02-03 21:53 ` Pavel Machek
2005-02-03 1:33 ` Christophe Saout
2005-02-03 1:52 ` Matt Mackall [this message]
2005-02-03 2:34 ` Christophe Saout
2005-02-03 4:05 ` Matt Mackall
2005-02-03 13:07 ` Christophe Saout
2005-02-03 14:18 ` Fruhwirth Clemens
2005-02-03 10:15 ` Christopher Warner
2005-02-03 15:17 ` Fruhwirth Clemens
2005-02-03 14:47 ` Andries Brouwer
2005-02-03 15:00 ` Fruhwirth Clemens
2005-02-04 13:27 ` [dm-crypt] " Fruhwirth Clemens
2005-02-04 14:03 ` Christophe Saout
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050203015236.GO2493@waste.org \
--to=mpm@selenic.com \
--cc=agk@redhat.com \
--cc=christophe@saout.de \
--cc=clemens@endorphin.org \
--cc=dm-crypt@saout.de \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox