On 24/04/2020 11:37, Nikolay Borisov wrote: > > > On 16.04.20 г. 17:24 ч., David Sterba wrote: >> naming of the new checksums (hmac-sha256 or hmac-blake2 should be ok)> - key specification via mount option > > But the key shouldn't really be visible in /proc/mounts since it's > readable by ordinary users, god knows how many more pseudo files there > are which can provide the same situation. If the specification of the > key is a reference to a loaded key then yes but otherwise I think that's > a security risk, unless it's possible to hide passed options from > /proc/mounts i.e pass it but make it internal to the filesystem ? No the key won't ever be passed to the mount command, only the key id: keyctl add logon btrfs:foo 0123456 @u mount -t btrfs -o auth_key=btrfs:foo /dev/disk /mnt/point So /proc/mounts would only show the key id anyways. I think this is fine.
