cryptsetup: Do not warn If the key is /dev/*random

author Cristian Rodríguez <crrodriguez@opensuse.org>

Mon, 2 Feb 2015 15:06:05 +0000 (12:06 -0300)

committer Martin Pitt <martin.pitt@ubuntu.com>

Mon, 2 Feb 2015 15:41:31 +0000 (16:41 +0100)
author Cristian Rodríguez <crrodriguez@opensuse.org>
Mon, 2 Feb 2015 15:06:05 +0000 (12:06 -0300)
committer Martin Pitt <martin.pitt@ubuntu.com>
Mon, 2 Feb 2015 15:41:31 +0000 (16:41 +0100)
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c

index e6b37acb8620bc1da130fa1cffb05d7ae43ca488..38930aee072b69ffd0884006419a4cf25a7c98bb 100644 (file)
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -624,8 +624,10 @@ int main(int argc, char *argv[]) {
  
                          /* Ideally we'd do this on the open fd, but since this is just a
                           * warning it's OK to do this in two steps. */
  
                          /* Ideally we'd do this on the open fd, but since this is just a
                           * warning it's OK to do this in two steps. */
-                        if (stat(key_file, &st) >= 0 && (st.st_mode & 0005))
-                                log_warning("Key file %s is world-readable. This is not a good idea!", key_file);
+                        if (stat(key_file, &st) >= 0 && (st.st_mode & 0005)) {
+                                if(!STR_IN_SET(key_file, "/dev/urandom", "/dev/random", "/dev/hw_random"))
+                                    log_warning("Key file %s is world-readable. This is not a good idea!", key_file);
+                        }
                  }
  
                  for (tries = 0; arg_tries == 0 || tries < arg_tries; tries++) {
                  }
  
                  for (tries = 0; arg_tries == 0 || tries < arg_tries; tries++) {
author	Cristian Rodríguez <crrodriguez@opensuse.org>
	Mon, 2 Feb 2015 15:06:05 +0000 (12:06 -0300)
committer	Martin Pitt <martin.pitt@ubuntu.com>
	Mon, 2 Feb 2015 15:41:31 +0000 (16:41 +0100)