[Bug 223622] instant root in HAL?
https://bugzilla.novell.com/show_bug.cgi?id=223622 ------- Comment #4 from dkukawka@novell.com 2006-11-24 08:50 MST ------- I would now apply this patch, is this okay from security POV?: -------------------------------------------------------------- diff --git a/tools/linux/hal-luks-setup-linux b/tools/linux/hal-luks-setup-linux index 11fa148..8124be4 100755 --- a/tools/linux/hal-luks-setup-linux +++ b/tools/linux/hal-luks-setup-linux @@ -6,7 +6,7 @@ # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2. -read password +read PASSWORD PASSWORD=${PASSWORD//[^[:alnum:]_=[:space:]:.+-]/@} CRYPTSETUP=/sbin/cryptsetup @@ -23,7 +23,7 @@ if [ -e /dev/mapper/luks_crypto_$HAL_PRO exit 1 fi -if ! echo $password | $CRYPTSETUP luksOpen $HAL_PROP_BLOCK_DEVICE luks_crypto_$HAL_PROP_VOLUME_UUID 2> /dev/null; then +if ! echo "$PASSWORD" | $CRYPTSETUP luksOpen $HAL_PROP_BLOCK_DEVICE luks_crypto_$HAL_PROP_VOLUME_UUID 2> /dev/null; then echo org.freedesktop.Hal.Device.Volume.Crypto.SetupPasswordError >&2 echo Error setting up $HAL_PROP_BLOCK_DEVICE - bad password? >&2 exit 1 -------------------------------------------------------------- -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
participants (1)
-
bugzilla_noreply@novell.com