[pkg-cryptsetup-devel] Bug#587220: cryptsetup: possible security problem with initscripts

Christoph Anton Mitterer calestyo at scientia.net
Sat Jun 26 11:19:48 UTC 2010


Package: cryptsetup
Version: 2:1.1.2-1
Severity: normal
Tags: patch


Hi Jonas.

The current init-scripts might have a "meta security" problem, for which I've
attached patches.

Imagine a user wants to stop all cryptdisks (as the police are coming ;) )...
He does /etc/init.d/cryptdisks[-early] stop, which should stop them (at least
until none is used anymore), right?

However, if /lib/cryptsetup/cryptdisks.functions is missing (which should never
happen), you exit 0 and he wouldn't notice an error, i.e. that stopping didn't work.

The patch also removes the check for /lib/cryptsetup/cryptdisks.functions,
as I guess it's not required, because if the initscripts are there, that file
is also there... unless people broke their packages manually, which we can
never prevent or always check for.


Cheers,
Chris.
-------------- next part --------------
--- cryptdisks-early	2010-06-26 13:12:25.000000000 +0200
+++ 2	2010-06-26 13:13:06.000000000 +0200
@@ -15,11 +15,7 @@
 
 set -e
 
-if [ -r /lib/cryptsetup/cryptdisks.functions ]; then
-	. /lib/cryptsetup/cryptdisks.functions
-else
-	exit 0
-fi
+. /lib/cryptsetup/cryptdisks.functions
 
 INITSTATE="early"
 LOUD=""
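
Review bot: the added line ". /lib/cryptsetup/cryptdisks.functions" drops the fail-open "exit 0", but it leaves the failure path entirely to the shell: with "set -e" above it, every action of the script (not only stop) now aborts at this line when the file cannot be sourced, and the only diagnostic is whatever the shell itself prints. Consider keeping the "[ -r /lib/cryptsetup/cryptdisks.functions ]" test and changing the else branch to write a message naming the missing file to stderr and exit non-zero, so the caller gets both an explicit reason and a failing exit status. Separately, the "+++ 2" header names the new file "2" rather than cryptdisks-early, so the patch needs the target given by hand when applied; regenerating it against the real file name would avoid that.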

