FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Insecure default GELI keyfile permissions

Affected packages
10.1 <= FreeBSD < 10.1_9


VuXML ID 0b65f297-600a-11e6-a6c3-14dae9d210b8
Discovery 2015-04-07
Entry 2016-08-11

Problem Description:

The default permission set by bsdinstall(8) installer when configuring full disk encrypted ZFS is too open.


A local attacker may be able to get a copy of the geli(8) provider's keyfile which is located at a fixed location.


CVE Name CVE-2015-1415
FreeBSD Advisory SA-15:08.bsdinstall