Re: security for failed removal of crypt device?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Arno wrote:
> However I would feel not to good about the "rm". Would
> it not be better to check the output of "mount"?
Ok, I hear you and I'm thinking better safe than sorry. Heres a revision that shuts down on any failure and tries to take care of memory using secure-delete's smem. 

cd /dev/mapper
fuser -km crypt-foo
err=0
if ! umount crypt-foo crypt-swap; then
	err=1
	umount -l crypt-foo; fi
if ! cryptsetup luksClose crypt-foo; then
	err=1
	rm -f crypt-foo; fi
if ! swapoff -a && cryptsetup remove crypt-swap; then
	err=1
	rm -f crypt-swap; fi
smem
((err)) && halt

- Drew


---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
For additional commands, e-mail: dm-crypt-help@xxxxxxxx
[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux