Date: Wed, 4 Feb 2004 20:51:22 +0100 From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: Dag-Erling Smorgrav <des@FreeBSD.org> Cc: cvs-all@FreeBSD.org Subject: Re: cvs commit: src/etc/rc.d gbde_swap Message-ID: <20040204195122.GH14639@garage.freebsd.pl> In-Reply-To: <200402041553.i14Fro7E077632@repoman.freebsd.org> References: <200402041553.i14Fro7E077632@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--AqCDj3hiknadvR6t Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Feb 04, 2004 at 07:53:50AM -0800, Dag-Erling Smorgrav wrote: +> Commiter: Dag-Erling Smorgrav <des@FreeBSD.org> +> Branch: HEAD +>=20 +> Files: +> 1.2 src/etc/rc.d/gbde_swap =20 +>=20 +> Log: +> We don't really need a lockfile, and most likely can't create one at +> this point. I'm not sure, that giving a passphrase as an argument is safe. Maybe it is at boot time (but it is still doubtful), but scripts from /etc/rc.d/ are intended to run after boot as well and here it is obviously insecure. We should better implement -k/-K options for gbde(8), that will allow getti= ng passphrase from a file or standard input. --=20 Pawel Jakub Dawidek http://www.FreeBSD.org pjd@FreeBSD.org http://garage.freebsd.pl FreeBSD committer Am I Evil? Yes, I Am! --AqCDj3hiknadvR6t Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQFAIU06ForvXbEpPzQRAj4TAJ9Ui98jHoutLEnyW7LwSYtNG9lNzwCg0K68 GRAkOh5Yo4ZigdRwXq4p+Ho= =2WmL -----END PGP SIGNATURE----- --AqCDj3hiknadvR6t--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040204195122.GH14639>