diff options
author | Martin Pitt <martin.pitt@ubuntu.com> | 2015-02-02 16:53:39 +0100 |
---|---|---|
committer | Martin Pitt <martin.pitt@ubuntu.com> | 2015-02-02 16:53:39 +0100 |
commit | 3f4d56a069d8aedc0a784b6f4a2c049db76289b7 (patch) | |
tree | 9a6a49e318f6504ee09db8eb9d0970cd9bb15e02 /src/cryptsetup | |
parent | d109a95f3d7f8c5c50d6fd48221791fcc98b4544 (diff) | |
download | systemd-3f4d56a069d8aedc0a784b6f4a2c049db76289b7.tar.gz systemd-3f4d56a069d8aedc0a784b6f4a2c049db76289b7.tar.bz2 systemd-3f4d56a069d8aedc0a784b6f4a2c049db76289b7.zip |
cryptsetup: only warn on real key files
Simplify the check from commit 05f73ad to only apply the warning to regular
files instead of enumerating device nodes.
Diffstat (limited to 'src/cryptsetup')
-rw-r--r-- | src/cryptsetup/cryptsetup.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c index 38930aee07..26141a01b0 100644 --- a/src/cryptsetup/cryptsetup.c +++ b/src/cryptsetup/cryptsetup.c @@ -624,10 +624,8 @@ int main(int argc, char *argv[]) { /* Ideally we'd do this on the open fd, but since this is just a * warning it's OK to do this in two steps. */ - if (stat(key_file, &st) >= 0 && (st.st_mode & 0005)) { - if(!STR_IN_SET(key_file, "/dev/urandom", "/dev/random", "/dev/hw_random")) - log_warning("Key file %s is world-readable. This is not a good idea!", key_file); - } + if (stat(key_file, &st) >= 0 && S_ISREG(st.st_mode) && (st.st_mode & 0005)) + log_warning("Key file %s is world-readable. This is not a good idea!", key_file); } for (tries = 0; arg_tries == 0 || tries < arg_tries; tries++) { |