authorMartin Pitt <martin.pitt@ubuntu.com>2015-02-02 16:53:39 +0100
committerMartin Pitt <martin.pitt@ubuntu.com>2015-02-02 16:53:39 +0100
commit3f4d56a069d8aedc0a784b6f4a2c049db76289b7 (patch)
tree9a6a49e318f6504ee09db8eb9d0970cd9bb15e02 /src/cryptsetup
parentd109a95f3d7f8c5c50d6fd48221791fcc98b4544 (diff)
cryptsetup: only warn on real key files
Simplify the check from commit 05f73ad to only apply the warning to regular files instead of enumerating device nodes.
Diffstat (limited to 'src/cryptsetup')
-rw-r--r--src/cryptsetup/cryptsetup.c6
1 files changed, 2 insertions, 4 deletions
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index 38930aee07..26141a01b0 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -624,10 +624,8 @@ int main(int argc, char *argv[]) {
/* Ideally we'd do this on the open fd, but since this is just a
* warning it's OK to do this in two steps. */
- if (stat(key_file, &st) >= 0 && (st.st_mode & 0005)) {
- if(!STR_IN_SET(key_file, "/dev/urandom", "/dev/random", "/dev/hw_random"))
- log_warning("Key file %s is world-readable. This is not a good idea!", key_file);
- }
+ if (stat(key_file, &st) >= 0 && S_ISREG(st.st_mode) && (st.st_mode & 0005))
+ log_warning("Key file %s is world-readable. This is not a good idea!", key_file);
}
for (tries = 0; arg_tries == 0 || tries < arg_tries; tries++) {
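Review bot: The mask `0005` in the added `stat()` condition tests other-read and other-execute together, so a regular key file with mode 0601 would be reported as world-readable although others cannot read it; `(st.st_mode & S_IROTH)` would match the message. The new `S_ISREG()` test also drops the warning for every non-regular path, not only the three random devices the removed `STR_IN_SET` listed, so a key read from a world-readable block device would presumably no longer be flagged. If that is intended, a comment such as `/* only regular files are checked; device nodes used as key sources are not */` would record it next to the check. main()'s body starts and ends outside the hunk.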