Message-Id: <200504201620.j3KGKtB9031757@www.freebsd.org>
Date: Wed, 20 Apr 2005 16:20:55 GMT
From: David Duchscher <daved@tamu.edu>
To: freebsd-gnats-submit@FreeBSD.org
Subject: request configuration option for specifying the GBDE passphrase.
X-Send-Pr-Version: www-2.3

>Number:         80158
>Category:       conf
>Synopsis:       [gbde] [patch] [request] configuration option for specifying the GBDE passphrase.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Apr 20 16:30:22 GMT 2005
>Closed-Date:    Wed Mar 12 17:43:05 UTC 2008
>Last-Modified:  Wed Mar 12 17:43:05 UTC 2008
>Originator:     David Duchscher
>Release:        FreeBSD 5.4-RC3
>Organization:
Texas A&M University
>Environment:
FreeBSD backup.net.tamu.edu 5.4-RC3 FreeBSD 5.4-RC3 #0: Tue Apr 19 15:44:06 UTC 2005     root@backup.net.tamu.edu:/usr/obj/data/usr/src/sys/CUSTOM  i386
>Description:
I need to encrypt data on a RAID 5 device so that when drive failures
happen and the drive is replaced, data on that failed disk is secure.
We needed the system to still return to operation without user
intervention.  I have modified the /etc/rc.d/gbde script to do what I
need and figured I would float the idea of getting this added into the system.

>How-To-Repeat:
      
>Fix:
Here is the patch to /etc/rc.d/gbde that I have made to add the passphrase
to rc.conf.

--- /usr/src/etc/rc.d/gbde      Sun Jan 30 05:05:01 2005
+++ /etc/rc.d/gbde      Wed Apr 20 11:02:42 2005
@@ -109,10 +109,13 @@
 
                        count=1
                        while [ ${count} -le ${gbde_attach_attempts} ]; do
+                               if [ ! -z "${gbde_passphrase}" ]; then
+                                       passphrase="-p ${gbde_passphrase}"
+                               fi
                                if [ -e "${lock}" ]; then
-                                       gbde attach ${parent} -l ${lock}
+                                       gbde attach ${parent} -l ${lock} ${passphrase}
                                else
-                                       gbde attach ${parent}
+                                       gbde attach ${parent} ${passphrase}
                                fi
                                if [ -e "/dev/${parent}.bde" ]; then
                                        break
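
Review bot: In the added `passphrase="-p ${gbde_passphrase}"` assignment and the two `gbde attach ... ${passphrase}` calls, the value is expanded unquoted, so a passphrase containing whitespace or glob characters is word-split and gbde receives something other than what rc.conf holds; it is also handed over as a command-line argument, where it is visible in the process list for as long as the attach runs. `passphrase` is never initialized, so when `gbde_passphrase` is empty, whatever value the variable already holds is passed through; set `passphrase=""` before the loop and move the test out of the `while`, since its result does not change between attempts (`[ -n ... ]` also reads better than `[ ! -z ... ]`). With a fixed passphrase, each of the `gbde_attach_attempts` retries repeats the same input, and one `gbde_passphrase` is applied to every `${parent}`, so a per-device setting would be needed where devices differ. The new variable also needs documenting alongside the other rc.conf settings, with a statement that the key is then stored in clear text in rc.conf.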

>Release-Note:
>Audit-Trail:

From: Volker <volker@vwsoft.com>
To: bug-followup@FreeBSD.org, daved@tamu.edu
Cc:  
Subject: Re: conf/80158: [gbde] [patch] [request] configuration option for
 specifying the GBDE passphrase.
Date: Wed, 12 Mar 2008 02:17:32 +0100

 David,
 
 while working on the backlog of problem reports, I came across your ticket.
 
 I'm sorry to say it, but I'm unable to go and look for a maintainer to
 take care of your report because importing this patch is a threat to
 the system security in general. Securing data lying around on a hard
 disk and putting the key for protecting the data eventually onto the
 same disk is really a bad idea. This is like putting the key for your
 car onto the driver's seat and leaving your car unlocked.
 
 The idea of having the passphrase to decrypt the data of your hard disk
 put into /etc/rc.conf might work for you if you have a
 separate disk for the root-fs (where /etc is located) and another set of
 disks under control of gbde. But this is not true for every system.
 Importing your patch into the base infrastructure might lead the not too
 experienced and not too security-minded user into thinking that doing this
 is safe - which is of course wrong.
 
 So my view of your patch is that it may lead someone else into getting the
 feeling of using a secured (encrypted) system which is - on the other
 side - decryptable for anybody who has read access to the root-fs.
 
 I think this problem might be the reason why this ticket hasn't been
 touched for years.
 
 Because I don't really see the chance to get this imported into the base
 system, I'm going to suspend this ticket so that, just in case any of the
 maintainers has a different view, they can grab and re-open this ticket.
 
 Of course you're welcome to disagree and file a followup to this ticket.
 If you agree and understand that the patch might possibly not be
 imported, you may also request to have that ticket closed.
 
 I hope you understand the objection.
 
 Thanks a lot for your understanding!
State-Changed-From-To: open->suspended 
State-Changed-By: vwe 
State-Changed-When: Wed Mar 12 01:21:41 UTC 2008 
State-Changed-Why:  

Suspend this ticket for now as I don't see the chance to get this imported.
Nobody ever took care of it, probably for the same reason.
Suggest auto-closing this ticket after a timeout period of 4 weeks.

http://www.freebsd.org/cgi/query-pr.cgi?pr=80158 

From: David Duchscher <daved@tamu.edu>
To: Volker <volker@vwsoft.com>
Cc: bug-followup@FreeBSD.org
Subject: Re: conf/80158: [gbde] [patch] [request] configuration option for specifying the GBDE passphrase.
Date: Wed, 12 Mar 2008 10:50:14 -0500

 Thank you very much for the thoughtful and detailed reply.  You can  
 close the ticket.  I have moved over to using the geli framework which  
 has the feature requested in the above ticket.
 
 Thanks again,
 --
 DaveD
 
State-Changed-From-To: suspended->closed 
State-Changed-By: remko 
State-Changed-When: Wed Mar 12 17:43:04 UTC 2008 
State-Changed-Why:  
Submitter reports this can be closed, make it happen. Thanks for the 
feedback! 

>Unformatted:
