the file permission about encrypted swap on slackware 13.1
I use the following command to create an encrypted swap:
Code:
bash# echo "cryptswap /dev/sda5 none swap" >> /etc/crypttab
Code:
/dev/sda6 / ext4 defaults 1 1
That works fine, but I found the permission of '/dev/mapper/cryptswap' is like this:
Code:
hello@world:~$ ls -l /dev/mapper/cryptswap
|
I think the strength of a system's security should not be based on whether someone can read (or access) the data, but whether someone can actually make head or tail of it - i.e. access the data in its cleartext format. If the data was so secure that no-one could ever get to it, then what would be the point of even encrypting it :-) So, unless the keys to decrypt the data were easily available, or the method was weak, I think you're OK.
|
This is the same issue as was reported here.
It happens on all luks devices, not just the swap. Upgrading to cryptsetup 1.1.1 fixes it, although it doesn't fix some of the other issues we've been talking about.
@Mark, that device with the 'others read' attribute is the unencrypted luks mapping of the swap device, not the encrypted partition that is its backing store. Therefore, it's wide open. hello.freeman is right to be concerned. This is definitely a security problem.
|
Ah I see. I did try to qualify my answer by asking if the data was in the cleartext. In this case it's not and I agree that it kinda makes the whole thing open and useless. Thanks.
|
I fixed the problem by adding a command in '/etc/rc.d/rc.S':
Code:
elif echo $OPTS | grep -wq swap ; then
Thanks very much for the info.
|
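A quick audit for the condition discussed in this thread, as an added example that is not part of any post: it lists entries under /dev/mapper whose mode grants any access to "other" users. The function name audit_mapper is hypothetical, and the script assumes GNU stat.

```shell
#!/bin/sh
# Added example (not from the thread): report device-mapper nodes whose
# permission bits give "other" users any access to the decrypted mapping.
# Assumes GNU coreutils stat (-L follows symlinks, -c '%a' prints octal mode).

# audit_mapper [DIR]
#   Prints "MODE PATH" for every non-directory entry in DIR (default
#   /dev/mapper) whose last octal digit is non-zero.
#   Returns 1 if at least one such entry was found, 0 otherwise.
audit_mapper() {
    dir=${1:-/dev/mapper}
    found=0
    for node in "$dir"/*; do
        [ -e "$node" ] || continue      # empty directory or dangling symlink
        [ -d "$node" ] && continue      # only device nodes / links are of interest
        # On newer systems the entries are symlinks to /dev/dm-N, so follow
        # them and read the mode of the real node.
        mode=$(stat -L -c '%a' "$node" 2>/dev/null) || continue
        case $mode in
            *[1-7])                     # any r/w/x bit set for "other"
                printf '%s %s\n' "$mode" "$node"
                found=1
                ;;
        esac
    done
    return "$found"
}
```

Run `audit_mapper` with no argument after boot and after any cryptsetup upgrade; empty output with exit status 0 means no mapping is exposed to other users.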