cryptsetup: warn if keyfiles are world-readable

[elogind.git] / src / cryptsetup / cryptsetup.c

diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index 376f748153348e40ae8dd7c461b91a2da87a8ec2..347394db8ea802001e21e4daa5a86d48e52f96d3 100644 (file)
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -497,10 +497,25 @@ int main(int argc, char *argv[]) {
                                  crypt_get_volume_key_size(cd)*8,
                                  argv[3]);
 
-                        if (key_file)
-                                k = crypt_activate_by_keyfile_offset(cd, argv[2], CRYPT_ANY_SLOT, key_file, opt_keyfile_size,
-                                            opt_keyfile_offset, flags);
-                        else {
+                        if (key_file) {
+                                struct stat st;
+
+                                /* Ideally we'd do this on the open
+                                 * fd, but since this is just a
+                                 * warning it's OK to do this in two
+                                 * steps */
+                                if (stat(key_file, &st) >= 0 && (st.st_mode & 0005))
+                                        log_warning("Key file %s is world-readable. That's certainly not a good idea.", key_file);
+
+                                k = crypt_activate_by_keyfile_offset(
+                                                cd, argv[2], CRYPT_ANY_SLOT, key_file, opt_keyfile_size,
+                                                opt_keyfile_offset, flags);
+                                if (k < 0) {
+                                        log_error("Failed to activate with key file '%s': %s", key_file, strerror(-k));
+                                        key_file = NULL;
+                                        continue;
+                                }
+                        } else {
                                 char **p;
 
                                 STRV_FOREACH(p, passwords) {