I've poked around a little bit and think this might not justify much time to fix:
- it's suggested to be used in the initramfs, presumably before untrusted users are executing - it's apparently not going to work with luks2 format, only luks1, and I believe we've switched the default to luks2 In an ideal world this would be written in a better language, but if it hasn't already happened then it probably won't happen. Thanks ** Changed in: cryptsetup (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2065510 Title: /lib/cryptsetup/scripts/decrypt_derived reveals encryption keys to non-root processes To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/2065510/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs