Bug in build-gpgmount.sh

Loop-AES contains a build-gpgmount.sh script that can be used to create a
program to mount loop devices using a GnuPG-encrypted loop key. The intent is
for the created program to start both the gpg and mount programs in such a way
that non-root users can decrypt the loop encryption key from a GnuPG-encrypted
file without having access to the actual loop encryption key.

The latest released version (from the loop-AES-v1.6d tarball) has a bug that
reveals the loop encryption key to non-root users: all they need to do is add
the line "output fubar.txt" to their gpg options file. That causes gpg to write
the loop encryption key to the file fubar.txt instead of piping it to mount.

A fix is to pass the "--options /dev/null" option to gpg so that it won't read
the options file supplied by the non-root user. A fixed version of the script
is attached to this mail.

Regards,
Jari Ruusu <jari.ruusu@pp.inet.fi>
build-gpgmount.sh.gz
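
The leak and the fix described in the mail above, reproduced offline as an added example (not part of the original mail and not loop-AES code). `fake_gpg` is a constructed stand-in that models only the options-file behaviour the mail describes; `key_destination`, `key.gpg` and the key string are hypothetical names and values.

```shell
#!/bin/sh
# Constructed model, NOT real GnuPG: it honours an "output FILE" line in an
# options file, which is the behaviour the mail describes.
# $1 = home directory of the invoking user, remaining args = gpg-style argv.
fake_gpg() {
    home=$1; shift
    optfile="$home/.gnupg/options"       # per-user options file, user-writable
    while [ $# -gt 0 ]; do
        case $1 in
            --options) optfile=$2; shift ;;   # caller overrides the options file
            *) ;;                             # other arguments ignored by the model
        esac
        shift
    done
    out=""
    if [ -r "$optfile" ]; then
        out=$(sed -n 's/^output[[:space:]]*//p' "$optfile" | tail -n 1)
    fi
    # Constructed placeholder standing in for the decrypted loop key.
    if [ -n "$out" ]; then
        printf '%s\n' "CONSTRUCTED-LOOP-KEY" > "$out"   # key lands in user's file
    else
        printf '%s\n' "CONSTRUCTED-LOOP-KEY"            # key goes down the pipe
    fi
}

# Set up a user whose options file contains "output .../fubar.txt", run the
# wrapper's gpg invocation with the given argv, and report where the key went:
# "file" (user-readable file), "pipe" (stdout, i.e. mount) or "none".
key_destination() {
    home=$(mktemp -d)
    mkdir -p "$home/.gnupg"
    printf 'output %s\n' "$home/fubar.txt" > "$home/.gnupg/options"
    piped=$(fake_gpg "$home" "$@")
    if [ -s "$home/fubar.txt" ]; then dest=file
    elif [ -n "$piped" ]; then dest=pipe
    else dest=none
    fi
    rm -rf "$home"
    echo "$dest"
}

echo "user options file honoured: $(key_destination --decrypt key.gpg)"
echo "with --options /dev/null:   $(key_destination --options /dev/null --decrypt key.gpg)"
```

The same harness shape works as a regression test for any privileged wrapper that launches a helper on a user's behalf: plant a hostile per-user configuration and assert that the secret still arrives only on the pipe.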