[Pkg-cryptsetup-devel] Bug#342079: cryptsetup: should check swap partition type

Jonas Meurer jonas at freesources.org
Sun Jan 22 17:33:28 UTC 2006


severity 342079 wishlist
thanks
--- end bts robot commands ---

On 22/01/2006 Tuomo Valkonen wrote:
> Well, I'd like some way of ensuring that important data is not accidentally
> overwritten by swap setup on boot. Normal swap areas have a signature
> indicating that they're swap, and so the system won't use something that
> hasn't been prepared as swap as swap. But encrypted swap areas are usually
> created with a one-time random key, so the existence of such a signature
> from previous initialisation can't be checked. 

I understand your fear that important data is overwritten by creating an
encrypted swap partition on the wrong device, but I believe that it's not
cryptsetup's job to prevent that.
Unix systems rely on the responsibility of system admins; /bin/rm or
/bin/dd don't check what they remove/overwrite before doing so either.

> The partition table and fdisk provide a quick&dirty check that a partition
> is intended to be used as swap, and thus it is rather safe to create swap on
> it, but of course it isn't generally applicable. A better option might be to
> include a signature on the device outside the encrypted area (could perhaps
> be hacked with cryptsetup's -o option, and a test on the contents of the
> first block of the device), although for systems that have encrypted root
> disks and uninformative partition tables, it might degrade security.

There might be some rather complex ways to verify that a partition
overwritten by an encrypted swap fs is really a swap partition, but I'm
far from convinced that they are necessary.
You should always sit on your fingers before typing <RETURN> as root.
That is still true, and if we start implementing double checks to
prevent data loss in one application, users will expect it in others
too.

Would you object to closing this bug?

...
 jonas
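The signature check both messages refer to, as an added example that is not part of this thread or of cryptsetup: it parses the Linux swap header (magic in the last 10 bytes of the first page, v1 info block at offset 1024) and shows why that check alone is empty for random-key encrypted swap once the header has been overwritten, so a boot-time guard has to fall back on the partition-table type. PAGE_SIZE, the helper names and the sample pages are assumptions.

```python
import struct

# Assumption: 4 KiB pages (x86); the kernel reads the magic at PAGE_SIZE - 10
# for the page size of the machine that ran mkswap.
PAGE_SIZE = 4096
SWAP_MAGICS = (b"SWAPSPACE2", b"SWAP-SPACE")  # current (v1) and legacy (v0) signatures


def parse_swap_header(first_page, page_size=PAGE_SIZE):
    """Return the swap signature fields found in the first page of a device,
    or None when no signature is present (the state of random-key encrypted
    swap after its first use, since the header has been replaced by ciphertext)."""
    if len(first_page) < page_size:
        return None
    magic = first_page[page_size - 10:page_size]
    if magic not in SWAP_MAGICS:
        return None
    if magic == b"SWAP-SPACE":  # v0 layout carries no info block, only the magic
        return {"magic": "SWAP-SPACE", "version": 0}
    # v1 layout: 1024 bytes reserved for boot code, then version/last_page/nr_badpages,
    # a 16-byte UUID and a 16-byte NUL-padded label.
    version, last_page, nr_badpages = struct.unpack_from("<III", first_page, 1024)
    uuid = first_page[1036:1052]
    label = first_page[1052:1068].split(b"\0", 1)[0].decode("ascii", "replace")
    return {"magic": "SWAPSPACE2", "version": version, "last_page": last_page,
            "nr_badpages": nr_badpages, "uuid": uuid.hex(), "label": label}


def safe_to_initialise_encrypted_swap(first_page, partition_type_is_swap, page_size=PAGE_SIZE):
    """Guard for a boot script: set up encrypted swap only with positive evidence that
    the device is meant for swap, i.e. a swap partition type (the fdisk check from the
    thread, passed in by the caller) or a swap signature that survived on the device."""
    return bool(partition_type_is_swap) or parse_swap_header(first_page, page_size) is not None


def make_swap_page(label=b"", uuid=bytes(16), last_page=1023, page_size=PAGE_SIZE):
    """Construct a v1 swap header page, laid out as mkswap would, for offline testing."""
    page = bytearray(page_size)
    struct.pack_into("<III", page, 1024, 1, last_page, 0)
    page[1036:1052] = uuid
    lab = label[:16]
    page[1052:1052 + len(lab)] = lab
    page[page_size - 10:page_size] = b"SWAPSPACE2"
    return bytes(page)


# Constructed sample: deterministic pseudo-noise standing in for the ciphertext
# left in the first page after one boot of random-key encrypted swap.
ENCRYPTED_PAGE = bytes((i * 7919 + 13) & 0xFF for i in range(PAGE_SIZE))
```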
