From: Martin Pitt
Date: Mon, 2 Feb 2015 15:53:39 +0000 (+0100)
Subject: cryptsetup: only warn on real key files
X-Git-Tag: v219~197
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=3f4d56a069d8aedc0a784b6f4a2c049db76289b7
cryptsetup: only warn on real key files
Simplify the check from commit 05f73ad to only apply the warning to regular files instead of enumerating device nodes.
---
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index 38930aee0..26141a01b 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -624,10 +624,8 @@ int main(int argc, char *argv[]) {
 /* Ideally we'd do this on the open fd, but since this is just a
 * warning it's OK to do this in two steps. */
- if (stat(key_file, &st) >= 0 && (st.st_mode & 0005)) {
- if(!STR_IN_SET(key_file, "/dev/urandom", "/dev/random", "/dev/hw_random"))
- log_warning("Key file %s is world-readable. This is not a good idea!", key_file);
- }
+ if (stat(key_file, &st) >= 0 && S_ISREG(st.st_mode) && (st.st_mode & 0005))
+ log_warning("Key file %s is world-readable. This is not a good idea!", key_file);
 }
 for (tries = 0; arg_tries == 0 || tries < arg_tries; tries++) {
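Review bot: The mask `0005` in the new `stat()` condition tests the other-read and other-execute bits together, so a regular key file that is world-executable but not world-readable (a constructed example: mode 0601) still triggers the "world-readable" warning; `(st.st_mode & S_IROTH)` would match the message. Separately, the added `S_ISREG()` test also drops the warning for key material read from a block device node, which the old code still checked because it exempted only the three random devices. If that is intended, a short comment such as `/* only regular files are checked; device nodes are skipped on purpose */` would record the decision. main() starts and ends outside the hunk.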