From owner-cvs-src@FreeBSD.ORG  Wed Feb  4 11:56:36 2004
Return-Path: <owner-cvs-src@FreeBSD.ORG>
Delivered-To: cvs-src@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 6BFA116A4D2; Wed,  4 Feb 2004 11:56:36 -0800 (PST)
Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.86.163])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id EFFAB43D48; Wed,  4 Feb 2004 11:56:33 -0800 (PST)
	(envelope-from phk@phk.freebsd.dk)
Received: from critter.freebsd.dk (localhost [127.0.0.1])
	by critter.freebsd.dk (8.12.10/8.12.10) with ESMTP id i14JuQDF033574;
	Wed, 4 Feb 2004 20:56:32 +0100 (CET)
	(envelope-from phk@phk.freebsd.dk)
To: Pawel Jakub Dawidek <pjd@FreeBSD.org>
From: "Poul-Henning Kamp" <phk@phk.freebsd.dk>
In-Reply-To: Your message of "Wed, 04 Feb 2004 20:51:22 +0100."
             <20040204195122.GH14639@garage.freebsd.pl> 
Date: Wed, 04 Feb 2004 20:56:26 +0100
Message-ID: <33573.1075924586@critter.freebsd.dk>
cc: cvs-src@FreeBSD.org
cc: src-committers@FreeBSD.org
cc: cvs-all@FreeBSD.org
cc: Dag-Erling Smorgrav <des@FreeBSD.org>
Subject: Re: cvs commit: src/etc/rc.d gbde_swap 
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: CVS commit messages for the src tree <cvs-src.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src>
List-Post: <mailto:cvs-src@freebsd.org>
List-Help: <mailto:cvs-src-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Feb 2004 19:56:36 -0000

In message <20040204195122.GH14639@garage.freebsd.pl>, Pawel Jakub Dawidek writes:
>+>   Log:
>+>   We don't really need a lockfile, and most likely can't create one at
>+>   this point.
>
>I'm not sure, that giving a passphrase as an argument is safe.
>Maybe it is at boot time (but it is still doubtful), but scripts from
>/etc/rc.d/ are intended to run after boot as well and here it is obviously
>insecure.
>
>We should better implement -k/-K options for gbde(8), that will allow getting
>passphrase from a file or standard input.

There are several issues with the gbde(8) command that need fixing.
I have a patch in my inbox which solves some of them, but makes it
difficult to solve others, so I have not moved on that patch (apologies
to the author!)

Last I had an hour to look at the gbde(8) source, my conclusion was that,
in light of what we know now, the necessary thing is a radical rewrite
rather than just some patching up.

There is nothing to this bit of code; it's mostly just grabbing
hold of the right bits, chewing them up the correct way and feeding them
to the kernel, only you must do so in a secure and user-friendly
way.  (Any volunteers?)

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
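The objection in the quoted message is that anything placed in a command's argument vector is visible to other local users through ps(1) and the process filesystem for as long as the process runs, so `gbde ... passphrase` leaks the secret; the alternative proposed there is to take the passphrase from a file or from standard input. The C below, added as an illustration of that alternative and not taken from gbde(8) or the FreeBSD tree (the -k/-K options proposed above are not what it implements), reads a single-line passphrase from a descriptor, accepts "-" for stdin, and refuses a passphrase file that is not a regular file owned by the caller with mode 0600 or tighter. The function names, the "-" convention, the /tmp path and the sample secret "hunter2" are all constructed for the example.

```c
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Read one line from fd into buf (a file, a pipe or stdin); strip the
 * trailing newline, NUL-terminate, return the length, or -1 on error.
 * An over-long line is refused and the buffer wiped rather than truncated. */
ssize_t
read_passphrase_fd(int fd, char *buf, size_t buflen)
{
	size_t n = 0;
	ssize_t r;
	char c;

	if (buflen == 0)
		return (-1);
	for (;;) {
		r = read(fd, &c, 1);
		if (r < 0) {
			if (errno == EINTR)
				continue;
			memset(buf, 0, buflen);
			return (-1);
		}
		if (r == 0 || c == '\n')
			break;
		if (n + 1 >= buflen) {
			memset(buf, 0, buflen);
			errno = EMSGSIZE;
			return (-1);
		}
		buf[n++] = c;
	}
	buf[n] = '\0';
	return ((ssize_t)n);
}

/* Open a passphrase file, refusing symlinks, non-regular files, files not
 * owned by the effective uid, and anything readable by group or other. */
int
open_passphrase_file(const char *path)
{
	struct stat st;
	int fd;

	fd = open(path, O_RDONLY | O_NOFOLLOW);
	if (fd < 0)
		return (-1);
	if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) ||
	    st.st_uid != geteuid() || (st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
		close(fd);
		errno = EPERM;
		return (-1);
	}
	return (fd);
}

/* "-" means standard input (e.g. piped from another process); anything
 * else is a path to a passphrase file. Nothing is ever taken from argv. */
ssize_t
read_passphrase(const char *source, char *buf, size_t buflen)
{
	ssize_t len;
	int fd;

	if (strcmp(source, "-") == 0)
		return (read_passphrase_fd(STDIN_FILENO, buf, buflen));
	if ((fd = open_passphrase_file(source)) < 0)
		return (-1);
	len = read_passphrase_fd(fd, buf, buflen);
	close(fd);
	return (len);
}

/* Demo 1: the passphrase arrives on a pipe, the shape `printf '%s\n' "$pw" | cmd -`
 * would produce. Returns 1 on success. The secret is a constructed sample. */
int
demo_pipe(void)
{
	char buf[64];
	ssize_t len;
	int p[2];

	if (pipe(p) < 0 || write(p[1], "hunter2\n", 8) != 8)
		return (0);
	close(p[1]);
	len = read_passphrase_fd(p[0], buf, sizeof(buf));
	close(p[0]);
	return (len == 7 && strcmp(buf, "hunter2") == 0);
}

/* Demo 2: the passphrase sits in a file. mkstemp(3) creates it 0600, so the
 * read succeeds; after chmod 0644 the same file is refused. Returns 1 if both hold. */
int
demo_file_perms(void)
{
	char path[] = "/tmp/passphrase.XXXXXX";	/* constructed location */
	char buf[64];
	int fd, ok_strict, ok_loose;

	if ((fd = mkstemp(path)) < 0)
		return (0);
	if (write(fd, "hunter2\n", 8) != 8) {
		close(fd);
		unlink(path);
		return (0);
	}
	close(fd);
	ok_strict = read_passphrase(path, buf, sizeof(buf)) == 7 &&
	    strcmp(buf, "hunter2") == 0;
	chmod(path, 0644);
	ok_loose = read_passphrase(path, buf, sizeof(buf)) == -1;
	unlink(path);
	return (ok_strict && ok_loose);
}

int
main(void)
{
	printf("pipe:  %s\n", demo_pipe() ? "ok" : "FAIL");
	printf("file:  %s\n", demo_file_perms() ? "ok" : "FAIL");
	return (0);
}
```

From an rc.d script the file form is the one that fits the boot-time case: the file lives on a root-only filesystem with mode 0600, and the script passes its path, not its contents, so nothing secret ever appears in the argument vector of the child process. The stdin form covers the interactive, post-boot case the message worries about, where the operator types the passphrase into the foreground program.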