cryptsetup --test-passphrase requires root

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



cryptsetup 1.6.1

cryptsetup --test-passphrase luksOpen /path/to/image

(note: /path/to/image is not a device path) complains

Cannot use a loopback device, running as non-root user.

Given that the header can be dumped without being root, it seems true that one should be able to test the passphrase without being root, as long as you can access the header/image.

I can see in lib/device_utils.c`device_internal_prepare that indeed, cryptsetup makes this check proactively rather than just failing somewhere else. In the case of --test-passphrase, is this really needed?

I don't think that is the code path for --test-passphrase though, since --test-passphrase doesn't require a device path whereas the referenced code does seem to require it. I didn't search exhaustively for that error message, just stopped at the first place where it seems superfluous. Couldn't a process have a mount capability without being uid 0?
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
https://www.saout.de/mailman/listinfo/dm-crypt

[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux