mirror of
https://gitlab.gnome.org/GNOME/gparted
synced 2024-10-12 10:52:59 +00:00
04637a3426
Application level requirements for secure password management were set out in "LUKS password handling, threats and preventative measures" [1]. The requirements are: 1) Passwords are stored in RAM and are not allowed to be paged to swap. (However hibernating with GParted still running will write all of RAM to swap). 2) Passwords are wiped from RAM when no longer needed. When each password is no longer needed and when GParted closes. 3) Passwords are referenced by unique key. Recommend using LUKS UUIDs as the unique key. (Each LUKS password should only ever need to be entered once for each execution of GParted. Therefore the passwords can't be stored in any of the existing data structures such as Partitions or LUKS_Info cache because all of these are cleared and reloaded on each device refresh). There seems to be two possible implementation methods: use an existing library to provide secure memory handling, or write our own. Libgcrypt [2] and libsodium [3] cryptographic libraries both provide secure memory handling. (Secure memory is quite simple really, some virtual memory locked into RAM which is zeroed when no longer needed). Linking to an encryption library just to provide secure memory seems like using a sledge hammer to crack a nut. Also because of requirement (3) above a module is needed to "own" the pointers to the passwords in the secure memory. Managing the secure memory ourselves is probably no more code that that needed to interface to libgcrypt. Therefore handle the secure memory ourselves. So far the module is only compiled. It is not used anywhere in GParted. [1] LUKS password handling, threats and preventative measures https://bugzilla.gnome.org/show_bug.cgi?id=627701#c56 [2] libgcrypt general purpose cryptographic library, as used in GNU Privacy Guard https://gnupg.org/related_software/libgcrypt/ [3] libsodium crypto library https://download.libsodium.org/doc/ Bug 795617 - Implement opening and closing of LUKS mappings
66 lines
1.3 KiB
Plaintext
66 lines
1.3 KiB
Plaintext
# List of source files containing translatable strings.
|
|
# Please keep this file sorted alphabetically.
|
|
gparted.appdata.xml.in
|
|
gparted.desktop.in.in
|
|
org.gnome.gparted.policy.in.in
|
|
include/Utils.h
|
|
src/BlockSpecial.cc
|
|
src/CopyBlocks.cc
|
|
src/Dialog_Base_Partition.cc
|
|
src/Dialog_Disklabel.cc
|
|
src/Dialog_FileSystem_Label.cc
|
|
src/Dialog_Partition_Copy.cc
|
|
src/Dialog_Partition_Info.cc
|
|
src/Dialog_Partition_Name.cc
|
|
src/Dialog_Partition_New.cc
|
|
src/Dialog_Partition_Resize_Move.cc
|
|
src/Dialog_Progress.cc
|
|
src/DialogFeatures.cc
|
|
src/DialogManageFlags.cc
|
|
src/Dialog_Rescue_Data.cc
|
|
src/DMRaid.cc
|
|
src/FileSystem.cc
|
|
src/GParted_Core.cc
|
|
src/HBoxOperations.cc
|
|
src/LVM2_PV_Info.cc
|
|
src/LUKS_Info.cc
|
|
src/Mount_Info.cc
|
|
src/OperationChangeUUID.cc
|
|
src/OperationCopy.cc
|
|
src/OperationCheck.cc
|
|
src/OperationCreate.cc
|
|
src/OperationDelete.cc
|
|
src/OperationDetail.cc
|
|
src/OperationFormat.cc
|
|
src/OperationLabelFileSystem.cc
|
|
src/OperationNamePartition.cc
|
|
src/OperationResizeMove.cc
|
|
src/Partition.cc
|
|
src/PartitionLUKS.cc
|
|
src/PartitionVector.cc
|
|
src/PasswordRAMStore.cc
|
|
src/ProgressBar.cc
|
|
src/SWRaid_Info.cc
|
|
src/TreeView_Detail.cc
|
|
src/Utils.cc
|
|
src/Win_GParted.cc
|
|
src/btrfs.cc
|
|
src/exfat.cc
|
|
src/ext2.cc
|
|
src/f2fs.cc
|
|
src/fat16.cc
|
|
src/hfs.cc
|
|
src/hfsplus.cc
|
|
src/jfs.cc
|
|
src/linux_swap.cc
|
|
src/lvm2_pv.cc
|
|
src/luks.cc
|
|
src/main.cc
|
|
src/ntfs.cc
|
|
src/nilfs2.cc
|
|
src/reiser4.cc
|
|
src/reiserfs.cc
|
|
src/udf.cc
|
|
src/ufs.cc
|
|
src/xfs.cc
|