cryptsetup: Do not warn If the key is /dev/*random

Using /dev/urandom as a key is valid for swap, do not warn if this devices are world readable.
author: Cristian Rodríguez <crrodriguez@opensuse.org> 2015-02-02 12:06:05 -0300
committer: Martin Pitt <martin.pitt@ubuntu.com> 2015-02-02 16:41:31 +0100
commit: 05f73ad22b85270c7db4ff7cbb6da852ad71d4c1 (patch)
tree: bcd12cdf4063ceaeb09ce1dba51d5caa28259f68 /src/cryptsetup
parent: 5544ee85163733eaa50f598fcf3bd9421d4a42f9 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index e6b37acb86..38930aee07 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -624,8 +624,10 @@ int main(int argc, char *argv[]) {
 
                         /* Ideally we'd do this on the open fd, but since this is just a
                          * warning it's OK to do this in two steps. */
-                        if (stat(key_file, &st) >= 0 && (st.st_mode & 0005))
-                                log_warning("Key file %s is world-readable. This is not a good idea!", key_file);
+                        if (stat(key_file, &st) >= 0 && (st.st_mode & 0005)) {
+                                if(!STR_IN_SET(key_file, "/dev/urandom", "/dev/random", "/dev/hw_random"))
+                                    log_warning("Key file %s is world-readable. This is not a good idea!", key_file);
+                        }
                 }
 
                 for (tries = 0; arg_tries == 0 || tries < arg_tries; tries++) {
author	Cristian Rodríguez <crrodriguez@opensuse.org>	2015-02-02 12:06:05 -0300
committer	Martin Pitt <martin.pitt@ubuntu.com>	2015-02-02 16:41:31 +0100
commit	05f73ad22b85270c7db4ff7cbb6da852ad71d4c1 (patch)
tree	bcd12cdf4063ceaeb09ce1dba51d5caa28259f68 /src/cryptsetup
parent	5544ee85163733eaa50f598fcf3bd9421d4a42f9 (diff)