Comment 12 for bug 1878115

Michael Hudson-Doyle (mwhudson) wrote : Re: [Bug 1878115] Re: logged luks passwords

On Fri, 15 May 2020 at 20:01, Zbigniew Jędrzejewski-Szmek <email address hidden>
wrote:

> Oh, man. Once the password is written to a file on a real disk
> (/var/...), it should be considered compromised. Using shred or rm makes
> no guarantee that the bytes are removed from the device. In particular,
> it would be fairly trivial to do something like "grep 'merged config'
> /dev/sda" and chances are that this will find the password if it was
> written there.
>

I agree with this.

> Writing the password to /run/... is much much better though not ideal.
> /run is backed by a tmpfs, and tmpfs contents can be written out to
> swap. Chances of this happening and password being retrievable from disk
> are much smaller than in case of a disk-backed filesystem, but keeping
> the password always in mlocked memory would be better.
>

The server installer does not set up swap and the filesystem is a
tmpfs-backed overlay so that risk doesn't really apply here.
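Holding the passphrase in locked memory, as the quoted reply suggests, shown as an added C example that is not code from this bug thread or from the installer: the `struct secret` type and the `secret_*` helpers are hypothetical names, and the code assumes Linux (`MADV_DONTDUMP`).

```c
#define _GNU_SOURCE
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
/* Hypothetical helper: an anonymous mapping that never backs onto a file,
 * is pinned so it cannot be swapped (mlock) and is excluded from core dumps. */
struct secret {
    unsigned char *buf;  /* page-aligned anonymous mapping */
    size_t cap;          /* mapping length, whole pages */
    size_t len;          /* bytes currently in use */
    int locked;          /* 1 if mlock() succeeded, else 0 */
};

/* Overwrite through a volatile pointer so the compiler cannot drop the stores. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Reserve at least `want` bytes; returns 0 on success, -1 on failure. */
int secret_alloc(struct secret *s, size_t want) {
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || want == 0) return -1;
    s->cap = ((want + (size_t)page - 1) / (size_t)page) * (size_t)page;
    s->buf = mmap(NULL, s->cap, PROT_READ | PROT_WRITE,
                  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (s->buf == MAP_FAILED) return -1;
    s->len = 0;
    /* RLIMIT_MEMLOCK can refuse the lock; record that instead of hiding it. */
    s->locked = (mlock(s->buf, s->cap) == 0);
    madvise(s->buf, s->cap, MADV_DONTDUMP);  /* Linux: keep out of core dumps */
    return 0;
}
/* Copy a passphrase in; refuses rather than truncating. */
int secret_set(struct secret *s, const void *pw, size_t n) {
    if (!s->buf || n > s->cap) return -1;
    memcpy(s->buf, pw, n);
    s->len = n;
    return 0;
}

/* Zero every byte of the mapping, then unlock and unmap it. */
void secret_free(struct secret *s) {
    if (!s->buf) return;
    wipe(s->buf, s->cap);
    if (s->locked) munlock(s->buf, s->cap);
    munmap(s->buf, s->cap);
    s->buf = NULL; s->cap = s->len = 0; s->locked = 0;
}
```

Whether `mlock` actually succeeded is exposed in `locked`, so a caller can refuse to proceed when the limit forbids pinning rather than silently falling back to swappable memory.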