[systemd-devel] [PATCH] [RFC] Add binary password agent protocol

Lennart Poettering lennart at poettering.net
Thu Jul 3 04:41:43 PDT 2014


On Fri, 27.06.14 01:54, David Härdeman (david at hardeman.nu) wrote:

> Add binary string handling functions and extend the password agent
> protocol to support binary strings (using "=" as a string prefix
> instead of "+").

I am feeling a bit uneasy about this one. I have the suspicion that the
entire password logic should be changed around: we should never transfer
the passwords in userspace, but use the kernel keyring for this. And the
queries should probably be triggered via dbus (as soon as kdbus is done,
and we can use dbus in early-boot). 

This all makes me want to stay away from this for now. The kernel
keyring is binary-safe anyway, so half the problem goes away there. The
kernel also already has a key request API iirc (though a weird one, from
a cursory look), so we really should align ourselves a lot more with
that.

Sorry if this sounds disappointing, but I think the proper fix to get
binary passwords done is the kernel keyring, not just polishing what we
have right now.

Sorry (in particular, because I didn't reply to your mail any
quicker, but I was unsure about this whole thing myself...),

Lennart

-- 
Lennart Poettering, Red Hat

