mirror of
https://github.com/systemd/systemd.git
synced 2024-12-22 17:35:35 +03:00
sleep-config: add comment about security
Adds information about attacks that might become possible when the hibernate location is automatically determined.
This commit is contained in:
parent
f66d040d95
commit
14941724ec
@ -723,6 +723,14 @@ static bool location_is_resume_device(const HibernateLocation *location, dev_t s
|
||||
* Attempt to find the hibernation location by parsing /proc/swaps, /sys/power/resume, and
|
||||
* /sys/power/resume_offset.
|
||||
*
|
||||
* Beware:
|
||||
* Never use a device or file as location that hasn't been somehow specified by a user that would also be
|
||||
* entrusted with full system memory access (for example via /sys/power/resume) or that isn't an already
|
||||
* active swap area!
|
||||
* Otherwise various security attacks might become possible, for example an attacker could silently attach
|
||||
* such a device and circumvent full disk encryption when it would be automatically used for hibernation.
|
||||
* Also, having a swap area on top of encryption is not per se enough to protect from all such attacks.
|
||||
*
|
||||
* Returns:
|
||||
* 1 - Values are set in /sys/power/resume and /sys/power/resume_offset.
|
||||
* ret_hibernate_location will represent matching /proc/swap entry if identified or NULL if not.
|
||||
|
Loading…
Reference in New Issue
Block a user