Bug in build-gpgmount.sh

Loop-AES contains a build-gpgmount.sh script that can be used to create a
program to mount loop devices using a GnuPG encrypted loop key. The intent is
for the created program to start both the gpg and mount programs in such a way
that non-root users can decrypt the loop encryption key from a GnuPG encrypted
file without having access to the actual loop encryption key.

The latest released version (from the loop-AES-v1.6d tarball) has a bug that
reveals the loop encryption key to non-root users: all they need to do is add
the line "output fubar.txt" to their gpg options file. That causes gpg to write
the loop encryption key to the file fubar.txt instead of piping it to mount.

A fix is to pass the "--options /dev/null" option to gpg so it won't read a
non-root supplied options file. A fixed version of the script is attached
to this mail.

Regards,
Jari Ruusu <jari.ruusu@pp.inet.fi>

Attachment: build-gpgmount.sh.gz
Description: GNU Zip compressed data
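
The check below is an added example, not part of the original mail or of loop-AES: a line-based audit for shell wrappers that run gpg with elevated privileges, flagging any gpg call that would still read the invoking user's options file. The names audit_gpg_calls and write_sample and the sample script are constructed for illustration; --no-options is gpg's own shortcut for "--options /dev/null".

```shell
#!/bin/sh
# Added example, not part of loop-AES: list gpg calls in a script that would
# still read the invoking user's gpg options file.

# audit_gpg_calls FILE (hypothetical helper name)
# Prints "FILE:LINE: command" for every gpg call that lacks
# "--options /dev/null" or --no-options. Returns 1 if any are found.
audit_gpg_calls() {
    awk -v file="$1" '
    {
        if (buf == "") start = NR            # first line of this command
        line = $0
        if (line ~ /\\$/) {                  # join backslash continuations
            sub(/\\$/, " ", line); buf = buf line; next
        }
        cmd = buf line; buf = ""
        if (cmd ~ /^[ \t]*#/) next           # comment line
        if (cmd !~ /(^|[ \t;|&(\/])gpg2?([ \t]|$)/) next   # gpg not a command word
        if (cmd ~ /--options[ \t]+\/dev\/null([ \t]|$)/) next
        if (cmd ~ /--no-options([ \t]|$)/) next
        printf "%s:%d: %s\n", file, start, cmd
        bad = 1
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample script: line 3 is flagged, the call on lines 4-5 is not.
write_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
# decrypt the loop key with gpg and hand it to a helper
gpg --decrypt < key.gpg | hypothetical-key-consumer
gpg --options /dev/null \
    --decrypt < key.gpg | hypothetical-key-consumer
EOF
}
```

The audit is a textual heuristic: it does not see gpg calls built from variables or made from compiled code, so a clean result does not replace reading the wrapper.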
