[systemd-devel] [systemd-commits] 10 commits - Makefile.am TODO man/sd_id128_to_string.xml man/systemd.unit.xml src/core src/cryptsetup src/libsystemd-id128 src/nspawn src/nss-myhostname src/shared src/systemd src/test units/.gitignore units/systemd-nspawn at .service.in
Zbigniew Jędrzejewski-Szmek
zbyszek at in.waw.pl
Tue Apr 30 06:28:59 PDT 2013
On Tue, Apr 30, 2013 at 04:36:11AM -0700, Lennart Poettering wrote:
> commit 5f1dac6bf605871615b35891a3966fa474db5b20
> Author: Lennart Poettering <lennart at poettering.net>
> Date: Mon Apr 29 19:57:29 2013 -0300
>
> cryptsetup: warn if keyfiles are world-readable
Hi,
this part is understandable...
> commit 8973790ee6f62132b1b57de15c4edaef2c097004
> Author: Lennart Poettering <lennart at poettering.net>
> Date: Mon Apr 29 19:48:03 2013 -0300
>
> cryptsetup: warn if /etc/crypttab is world-readable
...but this one not. Majority of crypttabs out there contain stuff
like 'part_crypt /dev/part none luks' and the content can be inferred
from 'ls -l /dev/mapper' and distribution defaults. Passwords cannot
be stored in /etc/crypttab... No need to force people to hide
crypttab for no good reason.
Zbyszek
More information about the systemd-devel
mailing list