Date: Wed, 04 Feb 2004 20:56:26 +0100
From: "Poul-Henning Kamp" <phk@phk.freebsd.dk>
To: Pawel Jakub Dawidek <pjd@FreeBSD.org>
Cc: Dag-Erling Smorgrav <des@FreeBSD.org>
Subject: Re: cvs commit: src/etc/rc.d gbde_swap
Message-ID: <33573.1075924586@critter.freebsd.dk>
In-Reply-To: Your message of "Wed, 04 Feb 2004 20:51:22 +0100." <20040204195122.GH14639@garage.freebsd.pl>

In message <20040204195122.GH14639@garage.freebsd.pl>, Pawel Jakub Dawidek writes:
>+> Log:
>+> We don't really need a lockfile, and most likely can't create one at
>+> this point.
>
>I'm not sure, that giving a passphrase as an argument is safe.
>Maybe it is at boot time (but it is still doubtful), but scripts from
>/etc/rc.d/ are intended to run after boot as well and here it is obviously
>insecure.
>
>We should better implement -k/-K options for gbde(8), that will allow getting
>passphrase from a file or standard input.

There are several issues with the gbde(8) command that need fixing.

I have a patch in my inbox which solves some of them, but makes it
difficult to solve others so I have not moved on that patch (Apologies
to author!)

Last I had an hour to look at the gbde(8) source, my conclusion was
that in light of what we know now, the necessary thing is a radical
rewrite rather than just some patching up.

There is nothing to this bit of code, it's mostly just grabbing hold
of the right bits, chew them up the correct way and feed them to
the kernel, only you must do so in a secure and user-friendly way.

(Any volunteers ?)

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
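
The concern quoted in this message is a passphrase passed as a command argument, where other local users can see it in the process list; the proposed alternative is reading it from a file or standard input. The C sketch below is an added example of that alternative, not gbde(8) source and not part of the original message. The function names, the 256-byte buffer and the command-line convention in `main` are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

static void wipe(void *p, size_t n) { /* volatile stops the stores being elided */
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* One line from fd into buf, newline stripped; -1 on error, empty or over-long input. */
static long read_passphrase_fd(int fd, char *buf, size_t cap) {
    size_t len = 0;
    ssize_t r;
    char c;
    while ((r = read(fd, &c, 1)) == 1 && c != '\n') {
        if (len + 1 >= cap) { wipe(buf, cap); return -1; }
        buf[len++] = c;
    }
    if (r < 0 || len == 0) { wipe(buf, cap); return -1; }
    buf[len] = '\0';
    return (long)len;
}

/* Key-file variant: refuse symlinks, non-regular files, and any file that
 * group or other can access. fstat() on the open fd avoids a check/use race. */
static long read_passphrase_file(const char *path, char *buf, size_t cap) {
    struct stat st;
    long n = -1;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) &&
        (st.st_mode & (S_IRWXG | S_IRWXO)) == 0)
        n = read_passphrase_fd(fd, buf, cap);
    close(fd);
    return n;
}

int main(int argc, char **argv) { /* hypothetical CLI: key-file path, else stdin */
    char pass[256];
    long n = argc == 2 ? read_passphrase_file(argv[1], pass, sizeof pass)
                       : read_passphrase_fd(STDIN_FILENO, pass, sizeof pass);
    if (n < 0) return 1;
    fprintf(stderr, "read %ld-byte passphrase\n", n); /* a real tool would use it here */
    wipe(pass, sizeof pass);
    return 0;
}
```

Only a file path or nothing at all appears in the argument vector; the secret travels over a descriptor and is overwritten once used.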