mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00

sleep-config: add comment about security

Adds information about attacks that might become possible when the hibernate
location is automatically determined.
Christoph Anton Mitterer 2023-03-26 04:31:38 +02:00 committed by Lennart Poettering
parent f66d040d95
commit 14941724ec

@ -723,6 +723,14 @@ static bool location_is_resume_device(const HibernateLocation *location, dev_t s
* Attempt to find the hibernation location by parsing /proc/swaps, /sys/power/resume, and
* /sys/power/resume_offset.
*
* Beware:
* Never use a device or file as location that hasn't been somehow specified by a user that would also be
* entrusted with full system memory access (for example via /sys/power/resume) or that isn't an already
* active swap area!
* Otherwise various security attacks might become possible, for example an attacker could silently attach
* such a device and circumvent full disk encryption when it would be automatically used for hibernation.
* Also, having a swap area on top of encryption is not per se enough to protect from all such attacks.
*
* Returns:
* 1 - Values are set in /sys/power/resume and /sys/power/resume_offset.
* ret_hibernate_location will represent matching /proc/swap entry if identified or NULL if not.
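
Review bot: The closing sentence of the added "Beware:" block ("having a swap area on top of encryption is not per se enough to protect from all such attacks") names a limitation without saying which case remains open or what extra condition a caller must check, so a later maintainer cannot act on it; state the remaining case or point to where it is discussed. The rule itself is also hard to parse because of the stacked negatives ("Never use ... that hasn't been ... or that isn't ...") and the vague "somehow specified". Consider phrasing it positively: only use a location that was specified by a user who would also be entrusted with full system memory access (for example via /sys/power/resume), or that is an already active swap area.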