[pkg-cryptsetup-devel] Bug#994610: cryptsetup: creation/cleanup of /etc/crypttab
Guilhem Moulin
guilhem at debian.org
Sat Sep 18 16:20:58 BST 2021
On Sat, 18 Sep 2021 at 17:04:41 +0200, Guilhem Moulin wrote:
> I don't see why it makes more sense to og-rwx /etc/crypttab by default
> compared to /etc/fstab or /etc/systemd/system. If that makes sense in
> YOUR environment, then YOU are free to do it manually
Note however that if cryptsetup-initramfs is installed, and some disks
need to be unlocked at early boot, then a crypttab snippet is included
in the initramfs image. That image is world-readable by default, so
extra steps need to be taken not to leak data. Perhaps update-initramfs
should error out when it's about to generate a world-readable image
containing files/directories with restrictions, but it doesn't AFAIK.
--
Guilhem.
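
The mismatch described in the message above can be checked for directly: a crypttab with restricted permissions next to an initramfs image that anyone can read. This is an added example, not part of the original message and not code from cryptsetup or initramfs-tools; the function names, the `--run` switch and the `/boot/initrd.img-*` glob are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): report initramfs images
# that are world-readable while the crypttab they may embed a snippet
# of has had its "other" read bit removed.

# is_world_readable FILE: succeeds if the "other" read bit is set.
# Looks at mode bits only, so the answer is the same when run as root.
is_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# audit_initramfs CRYPTTAB IMAGE...
# Prints "WORLD-READABLE <image>" per finding.
# Returns 0 if nothing to report, 1 if at least one image is exposed.
audit_initramfs() {
    crypttab=$1
    shift
    # No crypttab, or crypttab already world-readable: the image
    # cannot be more permissive than the source file.
    [ -e "$crypttab" ] || return 0
    if is_world_readable "$crypttab"; then
        return 0
    fi
    rc=0
    for img in "$@"; do
        [ -f "$img" ] || continue      # skip an unmatched glob
        if is_world_readable "$img"; then
            printf 'WORLD-READABLE %s\n' "$img"
            rc=1
        fi
    done
    return "$rc"
}

# Assumed invocation on a Debian-style layout; only runs when asked.
if [ "${1:-}" = "--run" ]; then
    audit_initramfs /etc/crypttab /boot/initrd.img-*
fi
```

initramfs-tools reads a `UMASK` setting from initramfs.conf(5) that controls the mode of newly generated images; existing images keep their mode until regenerated or changed by hand.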