Vulnerability with compromised geli credentials?

Abiron Arroyo abi at e-arroyo.net
Sun May 18 01:27:17 UTC 2008


I'm not really a developer, but was considering if there is a key
vulnerability in geli given that when you change a key there isn't a disk
update.

Consider the scenario where a new file system is created and populated
with some files. At a later time the original key is changed because
someone has gained access to the key and passphrase. A new key is
generated and attached, but none of the files are modified.

Furthermore, let's say the thief has access to the system and is able to
update the disk to use the previous key and then reattach/mount. Is it
then possible for the person that has the stolen credentials to mount the
drive and view the files? The man page does not detail how the metadata is
written.

With that said, if this is possible, what's the best way to update the
system? I suspect that moving the file is not enough, using vi in a script
is not very practical, and using cat may cause problems with some special
characters.



