[dm-crypt] two factor authentication with zuluCrypt

.. ink .. mhogomchungu at gmail.com
Mon Oct 17 19:14:17 CEST 2011


>
>
> Just use it as shared library and use libcryptsetup.h, see for example
> docs/examples in cryptsetup source tree. (Btw if you need more examples,
> just tell me, we can add something there for reference.)
>
> I looked at the example in the just released beta and i now understand the
API and can work with it with no problems. My program now does interface
with cryptsetup using only the library.

Just to clarify, just linking against the library and let link loader look
up and load it at runtime poses no security issue to an suid program? The
reason why i manually load the library at run time and pollute the code with
all those pointers was to avoid security issues i couldnt think of.

Or better (but I think it is not good idea for GUI) - provide option
> to link statically.
>
>
My program is divided into two parts, the GUI part(zuluCrypt)  runs with
normal user's privileges and calls the cli backend(zuluCrpt-cli) to actually
do the work. The cli backend is the one that runs with suid bit set and
interfaces with cryptsetup

You mentioned "cleaning up the code" with two examples, dynamically linking
the library(will do that) and use proper "industry standard" tools for
building and installation(will do that). Anything else that needs cleaning?

Thanks for taking your time to look into it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20111017/3505bf45/attachment-0001.html>


More information about the dm-crypt mailing list