summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2013-04-29 19:57:29 -0300
committerLennart Poettering <lennart@poettering.net>2013-04-30 08:36:01 -0300
commit5f1dac6bf605871615b35891a3966fa474db5b20 (patch)
tree3f9a74d33e326e0060571b0a3fd1d37e10fc58e8 /src
parent8973790ee6f62132b1b57de15c4edaef2c097004 (diff)
cryptsetup: warn if keyfiles are world-readable
Diffstat (limited to 'src')
-rw-r--r--src/cryptsetup/cryptsetup.c18
1 files changed, 14 insertions, 4 deletions
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index a24e61a035..347394db8e 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -497,15 +497,25 @@ int main(int argc, char *argv[]) {
crypt_get_volume_key_size(cd)*8,
argv[3]);
- if (key_file)
- k = crypt_activate_by_keyfile_offset(cd, argv[2], CRYPT_ANY_SLOT, key_file, opt_keyfile_size,
- opt_keyfile_offset, flags);
+ if (key_file) {
+ struct stat st;
+
+ /* Ideally we'd do this on the open
+ * fd, but since this is just a
+ * warning it's OK to do this in two
+ * steps */
+ if (stat(key_file, &st) >= 0 && (st.st_mode & 0005))
+ log_warning("Key file %s is world-readable. That's certainly not a good idea.", key_file);
+
+ k = crypt_activate_by_keyfile_offset(
+ cd, argv[2], CRYPT_ANY_SLOT, key_file, opt_keyfile_size,
+ opt_keyfile_offset, flags);
if (k < 0) {
log_error("Failed to activate with key file '%s': %s", key_file, strerror(-k));
key_file = NULL;
continue;
}
- else {
+ } else {
char **p;
STRV_FOREACH(p, passwords) {