Hi!
> > # dmsetup table /dev/mapper/volume1
> > 0 2000000 crypt aes-plain 0123456789abcdef0123456789abcdef 0 7:0 0
>
> > Obviously, root can in principle recover this password from the
> > running kernel but it seems silly to make it so easy.
>
> There seemed little point obfuscating it - someone will only
> write a trivial utility that recovers it.
>
> The current approach has the advantage of making it
> obvious to you that if you have root access, you have
> access to the password while the encrypted data volumes
> are mounted.
>
> Consider instead *why* you're worried about the password being
> held in RAM and look for better solutions to *your*
> perceived threats.
Actually, this *is* bad. I bet someone is going to post their secret
key to lkml when debugging...
Or I can see conversation like this:
admin: "My devices work too slowly, is there something wrong with
device mapper?"
Pavel walks to his console, says: "Okay, show me your
/dev/mapper/volume1"
admin does that.
For this to be usefull Pavel'd have to remember the key before admin
realizes what he has done, but..... Or imagine pavel shoulder-surfing
admin trying to debug device mapper.
Pavel
--
People were complaining that M$ turns users into beta-testers...
...jr ghea gurz vagb qrirybcref, naq gurl frrz gb yvxr vg gung jnl!
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
