cvs commit: src/etc/rc.d gbde_swap

Poul-Henning Kamp phk at phk.freebsd.dk
Wed Feb 4 11:56:37 PST 2004


In message <20040204195122.GH14639 at garage.freebsd.pl>, Pawel Jakub Dawidek writes:
>+>   Log:
>+>   We don't really need a lockfile, and most likely can't create one at
>+>   this point.
>
>I'm not sure, that giving a passphrase as an argument is safe.
>Maybe it is at boot time (but it is still doubtful), but scripts from
>/etc/rc.d/ are intended to run after boot as well and here it is obviously
>insecure.
>
>We should better implement -k/-K options for gbde(8), that will allow getting
>passphrase from a file or standard input.

There are several issues with the gbde(8) command that need to be fixed.
I have a patch in my inbox which solves some of them, but makes it
difficult to solve others so I have not moved on that patch (Apologies
to author!)

Last I had an hour to look at the gbde(8) source, my conclusion was that
in light of what we know now, the necessary thing is a radical rewrite
rather than just some patching up.

There is nothing to this bit of code, it's mostly just grabbing
hold of the right bits, chew them up the correct way and feed them
to the kernel, only you must do so in a secure and user-friendly
way.  (Any volunteers ?)

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
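
The concern in the quoted message, as an added example that is not part of the original thread and is not gbde(8) code: a passphrase passed as an argument sits in the process's argv, which ps(1) can show to other users, while one read from standard input or from a private file does not. The helper names read_passphrase and open_keyfile are hypothetical.

```c
/* Added example: hypothetical helpers, not taken from gbde(8). */
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Read one line from fd into buf (NUL-terminated, newline stripped).
 * Reads byte by byte so no stdio buffer keeps a second copy.
 * Returns the length, or -1 on error, empty input or overlong input. */
ssize_t read_passphrase(int fd, char *buf, size_t size)
{
    size_t n = 0;
    ssize_t r;
    char c;

    while ((r = read(fd, &c, 1)) == 1 && c != '\n') {
        if (n + 1 >= size) {        /* refuse rather than silently truncate */
            memset(buf, 0, size);
            return -1;
        }
        buf[n++] = c;
    }
    if (r < 0 || n == 0) {
        memset(buf, 0, size);
        return -1;
    }
    buf[n] = '\0';
    return (ssize_t)n;
}

/* Open a passphrase file only if it is a regular file owned by the caller
 * with no group/other permission bits set. Returns an fd, or -1. */
int open_keyfile(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY);

    if (fd < 0)
        return -1;
    /* fstat the opened descriptor, not the path, to avoid a check/use race */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}
```

A caller would pass STDIN_FILENO or the descriptor from open_keyfile, derive the key, and then wipe the buffer (explicit_bzero(3) where available).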

