FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Insecure default GELI keyfile permissions

Affected packages
10.1 <= FreeBSD < 10.1_9

Details

VuXML ID 0b65f297-600a-11e6-a6c3-14dae9d210b8
Discovery 2015-04-07
Entry 2016-08-11

Problem Description:

The default permission set by bsdinstall(8) installer when configuring full disk encrypted ZFS is too open.

Impact:

A local attacker may be able to get a copy of the geli(8) provider's keyfile which is located at a fixed location.

References

CVE Name CVE-2015-1415
FreeBSD Advisory SA-15:08.bsdinstall

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.