From owner-freebsd-bugs@FreeBSD.ORG Wed Mar 12 01:20:03 2008
Date: Wed, 12 Mar 2008 01:20:02 GMT
Message-Id: <200803120120.m2C1K2is089500@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Volker
Subject: Re: conf/80158: [gbde] [patch] [request] configuration option for specifing the GBDE passphrase.

The following reply was made to PR conf/80158; it has been noted by GNATS.

From: Volker
To: bug-followup@FreeBSD.org, daved@tamu.edu
Subject: Re: conf/80158: [gbde] [patch] [request] configuration option for specifing the GBDE passphrase.
Date: Wed, 12 Mar 2008 02:17:32 +0100

David,

while working on the backlog of problem reports, I came across your ticket.

I'm sorry to say so, but I'm unable to go and look for a maintainer to take care of your report because importing this patch is a threat to the system security in general.

Securing data lying around on a hard disk and putting the key for protecting the data eventually onto the same disk is really a bad idea. This is like putting the key for your car onto the driver's seat and leaving your car unlocked.

The idea to have the passphrase to decrypt the data of your hard disk being put into /etc/rc.conf might work for you if you're having a separate disk for the root-fs (where /etc is located) and another set of disks under control of gbde. But this is not true for every system.

Importing your patch into the base infrastructure might lead the not too experienced and not too security-minded user into thinking that doing this is safe - which is of course wrong.

So my view of your patch is that it may lead someone else into getting the feeling of using a secured (encrypted) system which is - on the other hand - decryptable by anybody who has read access to the root-fs.

I think this problem might be the reason why this ticket hasn't been touched for years.

Because I don't really see the chance to get this imported into the base system, I'm going to suspend this ticket so that, in case any of the maintainers has a different view, they can grab and re-open this ticket.

Of course you're welcome to disagree and file a followup to this ticket. If you agree and understand that the patch might possibly not be imported, you may also request to have that ticket closed.

I hope you understand the objection.

Thanks a lot for your understanding!