[systemd-devel] [systemd-commits] 10 commits - Makefile.am TODO man/sd_id128_to_string.xml man/systemd.unit.xml src/core src/cryptsetup src/libsystemd-id128 src/nspawn src/nss-myhostname src/shared src/systemd src/test units/.gitignore units/systemd-nspawn@.service.in

Lennart Poettering lennart at poettering.net
Fri May 3 06:26:31 PDT 2013


On Tue, 30.04.13 15:28, Zbigniew Jędrzejewski-Szmek (zbyszek at in.waw.pl) wrote:

> 
> On Tue, Apr 30, 2013 at 04:36:11AM -0700, Lennart Poettering wrote:
> > commit 5f1dac6bf605871615b35891a3966fa474db5b20
> > Author: Lennart Poettering <lennart at poettering.net>
> > Date:   Mon Apr 29 19:57:29 2013 -0300
> > 
> >     cryptsetup: warn if keyfiles are world-readable
> Hi,
> 
> this part is understandable...
> 
> > commit 8973790ee6f62132b1b57de15c4edaef2c097004
> > Author: Lennart Poettering <lennart at poettering.net>
> > Date:   Mon Apr 29 19:48:03 2013 -0300
> > 
> >     cryptsetup: warn if /etc/crypttab is world-readable
> ...but this one is not. The majority of crypttabs out there contain stuff
> like 'part_crypt /dev/part none luks' and the content can be inferred
> from 'ls -l /dev/mapper' and distribution defaults. Passwords cannot
> be stored in /etc/crypttab... No need to force people to hide
> crypttab for no good reason.

Hmm, yeah, I guess this was a bit premature. It was my plan though to
re-add support for specifying passwords in crypttab itself too. (This
used to be available in many distros, and I think it's actually
useful...). Anyway, for now I have downgraded the warning to debug
again.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
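
The check discussed in this thread, sketched as an added example (not systemd's code and not part of the original message): find the key file named in each crypttab line and warn if it is a regular file readable by "other". The function names are hypothetical, and the sketch assumes the usual field order (name, device, key file, options) with `none` or `-` meaning no key file.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical helper: copy the third whitespace-separated field (the key
 * file) of one crypttab line into out. Returns 1 if the line names a key
 * file, 0 for comments, short lines, or the "none"/"-" placeholders. */
static int crypttab_key_file(const char *line, char *out, size_t outlen) {
    char name[256], device[256], key[256];

    line += strspn(line, " \t");
    if (*line == '#' || *line == '\0' || *line == '\n')
        return 0;
    if (sscanf(line, "%255s %255s %255s", name, device, key) != 3)
        return 0;
    if (strcmp(key, "none") == 0 || strcmp(key, "-") == 0)
        return 0;
    snprintf(out, outlen, "%s", key);
    return 1;
}

/* Returns 1 if path is a regular file readable by "other", 0 if not,
 * -1 if it cannot be stat()ed. Device nodes such as /dev/urandom are
 * skipped (assumption: only regular files hold reusable key material). */
static int key_file_world_readable(const char *path) {
    struct stat st;

    if (stat(path, &st) < 0)
        return -1;
    return S_ISREG(st.st_mode) && (st.st_mode & S_IROTH) ? 1 : 0;
}

int main(int argc, char **argv) {
    const char *path = argc > 1 ? argv[1] : "/etc/crypttab";
    char line[1024], key[256];
    FILE *f = fopen(path, "r");

    if (!f) { perror(path); return 1; }
    while (fgets(line, sizeof line, f))
        if (crypttab_key_file(line, key, sizeof key) &&
            key_file_world_readable(key) == 1)
            fprintf(stderr, "warning: key file %s is world-readable\n", key);
    fclose(f);
    return 0;
}
```

A line such as `part_crypt /dev/part none luks` yields no key file to check, which is why the mode of crypttab itself matters only if passwords are stored in it.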

