dm-crypt crypt_status reports key?

From: Matt Mackall
Date: Wed Feb 02 2005 - 16:29:00 EST


From looking at the dm_crypt code, it appears that it can be
interrogated to report the current key. Some quick testing shows:

# dmsetup table /dev/mapper/volume1
0 2000000 crypt aes-plain 0123456789abcdef0123456789abcdef 0 7:0 0

Obviously, root can in principle recover this password from the
running kernel but it seems silly to make it so easy.

Moreover, it seems this facility exists to support some form of
automated table storage (LVM?). As we don't want anyone/anything
accidentally storing our passwords on disk in the clear, we probably
shouldn't facilitate this. Perhaps we can stick something here like
"<secret>" that the dm_crypt constructor can reject.

--
Mathematics is the supreme nostalgia of our time.
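As an added illustration (not part of the original mail or of the dm-crypt code), the following shell functions show what an administrator's table-backup tooling could do with the exposure described above: scan `dmsetup table` output for crypt targets whose key field still holds hex key material, and rewrite such lines with the proposed "<secret>" placeholder before the table is stored anywhere. The sample table and the function names are constructed for the example; the field layout follows the line quoted in the mail.

```shell
#!/bin/sh
# Constructed sample of `dmsetup table` output (device names prefixed, as
# dmsetup prints them when no device is given). Keys are fake.
SAMPLE_TABLE='volume1: 0 2000000 crypt aes-plain 0123456789abcdef0123456789abcdef 0 7:0 0
data: 0 4096000 linear 8:1 0
volume2: 0 1000000 crypt aes-cbc-essiv:sha256 <secret> 0 7:1 0'

# Field layout of a crypt target line, after an optional "name:" prefix:
#   start length crypt cipher key iv_offset device offset
# Print "name key" for every crypt mapping whose key field is raw hex,
# i.e. key material that would land on disk if this table were saved.
exposed_crypt_keys() {
    awk '
        {
            off = ($1 ~ /:$/) ? 1 : 0            # "name:" prefix present?
            if ($(3+off) != "crypt") next        # only crypt targets matter
            key = $(5+off)
            if (key ~ /^[0-9a-fA-F]+$/) print (off ? $1 : "-"), key
        }'
}

# Emit the table with every crypt key replaced by "<secret>": the form a
# stored copy of the table should take, per the suggestion in the mail.
redact_crypt_keys() {
    awk '
        {
            off = ($1 ~ /:$/) ? 1 : 0
            if ($(3+off) == "crypt") $(5+off) = "<secret>"
            print
        }'
}
```

Feed real output with `dmsetup table | exposed_crypt_keys` to audit a running system, or pipe a table through `redact_crypt_keys` before writing it to a file.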