Re: FreeBSD Security Advisory FreeBSD-SA-23:01.geli

In reply to: grarpamp : "Re: FreeBSD Security Advisory FreeBSD-SA-23:01.geli"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Mariusz Zaborski <oshogbo_at_freebsd.org>
Date: Wed, 08 Feb 2023 22:15:21 UTC

When I was working on the patch, I analyzed this situation.
The issue with key files is that they can be arbitrary in size, and I think
this caused this issue.
The passfile/passwords are limited in size.
Because they are limited, they are cached in the memory of geli and reused.

My conclusion was that there isn't such an issue with them.

Ofc it is always good to double-check. You can follow the usage of the
cached_passphrase variable:
https://cgit.freebsd.org/src/tree/lib/geom/eli/geom_eli.c#n71

On Wed, 8 Feb 2023 at 22:13, grarpamp <grarpamp@gmail.com> wrote:

> Did anyone check if -j/-J might have similar edge cases?
>
>