From: Pavel Machek <pavel@ucw.cz>
To: Matt Mackall <mpm@selenic.com>,
linux-kernel <linux-kernel@vger.kernel.org>,
Christophe Saout <christophe@saout.de>,
Clemens Fruhwirth <clemens@endorphin.org>,
dm-crypt@saout.de
Subject: Re: dm-crypt crypt_status reports key?
Date: Thu, 3 Feb 2005 22:53:05 +0100 [thread overview]
Message-ID: <20050203215305.GA1483@elf.ucw.cz> (raw)
In-Reply-To: <20050202235002.GD14097@agk.surrey.redhat.com>
Hi!
> > # dmsetup table /dev/mapper/volume1
> > 0 2000000 crypt aes-plain 0123456789abcdef0123456789abcdef 0 7:0 0
>
> > Obviously, root can in principle recover this password from the
> > running kernel but it seems silly to make it so easy.
>
> There seemed little point obfuscating it - someone will only
> write a trivial utility that recovers it.
>
> The current approach has the advantage of making it
> obvious to you that if you have root access, you have
> access to the password while the encrypted data volumes
> are mounted.
>
> Consider instead *why* you're worried about the password being
> held in RAM and look for better solutions to *your*
> perceived threats.
Actually, this *is* bad. I bet someone is going to post their secret
key to lkml when debugging...
Or I can see conversation like this:
admin: "My devices work too slowly, is there something wrong with
device mapper?"
Pavel walks to his console, says: "Okay, show me your
/dev/mapper/volume1"
admin does that.
For this to be usefull Pavel'd have to remember the key before admin
realizes what he has done, but..... Or imagine pavel shoulder-surfing
admin trying to debug device mapper.
Pavel
--
People were complaining that M$ turns users into beta-testers...
...jr ghea gurz vagb qrirybcref, naq gurl frrz gb yvxr vg gung jnl!
next prev parent reply other threads:[~2005-02-03 22:14 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-02-02 21:19 dm-crypt crypt_status reports key? Matt Mackall
2005-02-02 23:50 ` Alasdair G Kergon
2005-02-03 1:00 ` Matt Mackall
2005-02-03 21:53 ` Pavel Machek [this message]
2005-02-03 1:33 ` Christophe Saout
2005-02-03 1:52 ` Matt Mackall
2005-02-03 2:34 ` Christophe Saout
2005-02-03 4:05 ` Matt Mackall
2005-02-03 13:07 ` Christophe Saout
2005-02-03 14:18 ` Fruhwirth Clemens
2005-02-03 10:15 ` Christopher Warner
2005-02-03 15:17 ` Fruhwirth Clemens
2005-02-03 14:47 ` Andries Brouwer
2005-02-03 15:00 ` Fruhwirth Clemens
2005-02-04 13:27 ` [dm-crypt] " Fruhwirth Clemens
2005-02-04 14:03 ` Christophe Saout
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050203215305.GA1483@elf.ucw.cz \
--to=pavel@ucw.cz \
--cc=christophe@saout.de \
--cc=clemens@endorphin.org \
--cc=dm-crypt@saout.de \
--cc=linux-kernel@vger.kernel.org \
--cc=mpm@selenic.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox