FreeBSD 10.x ZFS encryption.key Disclosure

FreeBSD 10.x installer supports the installation of FreeBSD 10.x on an encrypted ZFS filesystem by default. When using the encryption system within ZFS during the installation of FreeBSD 10.0 and FreeBSD 10.1, the encryption.key has wrong permissions which allow local users to read this file. Even if the keyfile is passphrase-encrypted, it can present a risk.

Leave a Reply