Geli a gbde - pripominky
Kaminar
Kaminar at seznam.cz
Wed Aug 1 17:36:05 CEST 2007
Zdravim,
hral jsem si se sifrovnim disku pomoci gbde a geli a nasel jsem nejake veci,
o kterych si myslim, ze jsou chybne nebo ne zcela spravne. Myslim, ze by bylo
dobre to nekam poslat, aby to bylo k uzitku. Proto jsem to uz zacal sepisovat
primo v anglictine a posilam to sem z nasledujicich duvodu:
1) Nevim kam to poslat.
2) Nevim, jestli to neni v 7R nebo nekde jinde uz opravene nebo se to uz
neresi nebo se to nekde uz neprobiralo.
3) Vice hlav vic vi.
Karel
--------------------------------------------------------------------------------
Tested on FreeBSD 6.1R on memory disk created as below:
# dd if=/dev/zero of=disk.img bs=1m count=100
# mdconfig -a -t vnode -f disk.img -u 0
Disk was ciphering only with passphrase and keyfile wasn't used.
GELI:
-----
- For actions: delkey, backup, clear, dump and kill it should require
passphrase/keyfile. (May not for kill action?)
- In case performing backup action on not geli provider "geli backup provider
metadata-backup" warning message displayed but zero-size metadata-backup
file created. It should not create any file.
GBDE:
-----
- When attaching destination with bad passphrase no warning message appears
about destination is not attached and zero return value returned.
Example:
# dd if=/dev/zero of=disk.img bs=1m count=100
# mdconfig -a -t vnode -f disk.img -u 0
# gbde init /dev/md0
<passphrase enter>
# gbde attach /dev/md0 ; echo $?
Enter passphrase: <bad passphrase>
0
It should be non zero return value at least.
- When "gbde nuke destination -n -1" no warning message appears about every
keys will be lost.
- Error in man gbde(8) in EXAMPLES section:
"To destroy all copies of the masterkey:
gbde destroy ad0s1f -n -1"
It should be "gbde nuke ad0s1f -n -1"
--------------------------------------------------------------------------------
More information about the Users-l
mailing list