conf/80158: [gbde] [patch] [request] configuration option for
specifing the GBDE passphrase.
Volker
volker at vwsoft.com
Wed Mar 12 01:20:03 UTC 2008
The following reply was made to PR conf/80158; it has been noted by GNATS.
From: Volker <volker at vwsoft.com>
To: bug-followup at FreeBSD.org, daved at tamu.edu
Cc:
Subject: Re: conf/80158: [gbde] [patch] [request] configuration option for
specifing the GBDE passphrase.
Date: Wed, 12 Mar 2008 02:17:32 +0100
David,
while working on the backlog of problem reports, I came across your ticket.
I'm sorry to say so, but I'm unable to go and look for a maintainer to
take care of your report because importing this patch is a threat to
the system security in general. Securing data lying around on a hard
disk and putting the key for protecting the data eventually onto the
same disk is really a bad idea. This is like putting the key for your
car onto the driver's seat and leaving your car unlocked.
The idea to have the passphrase to decrypt the data of your hard disk
being put into /etc/rc.conf might work for you if you're having a
separate disk for the root-fs (where /etc is located) and another set of
disks under control of gbde. But this is not true for every system.
Importing your patch into the base infrastructure might lead the not too
experienced and not too security-minded user into thinking that doing this
is safe - which is of course wrong.
So my view of your patch is that it may lead someone else into getting the
feeling of using a secured (encrypted) system which is - on the other
hand - decryptable by anybody who has read access to the root-fs.
I think this problem might be the reason why this ticket hasn't been
touched for years.
Because I don't really see the chance to get this imported into the base
system, I'm going to suspend this ticket so that, in case any of the
maintainers has a different view, they can grab and re-open this ticket.
Of course you're welcome to disagree and file a followup to this ticket.
If you agree and understand that the patch might possibly not be
imported, you may also request to have that ticket closed.
I hope you understand the objection.
Thanks a lot for your understanding!