On 06/08/18 16:21, Ingo Franzki wrote:
> Hi,
>
> I just noticed that a luksDump with option --master-key-file fails to open the file when it is not already existing.
> Is this by intention?
>
> cryptsetup luksDump <device> --dump-master-key --master-key-file mykey.bin
> ...
> Cannot open keyfile mykey.bin for write.
>
> When I do a "touch mykey.bin" first, above command works fine.
>
> Function tools_write_mk() in utils_password.c uses open with O_WRONLY. This does not seem to create the file when it is not existing.
> Maybe it should also specify O_CREAT?

This is quite new code (--master-key-file was previously used only for input).

I think this is a mistake and it should be handled the same way as we create header backup, IOW with these flags:

  open(file, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR)

(do not overwrite existing, set user only, read-only acl)

Milan
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
https://www.saout.de/mailman/listinfo/dm-crypt