[pkg-cryptsetup-devel] Bug#600522: cryptsetup: Complaint about insecure mode of keyfiles though mode is secure
jkl345 at alice-dsl.net
jkl345 at alice-dsl.net
Sun Oct 17 19:05:54 UTC 2010
Package: cryptsetup
Version: 2:1.1.3-3
Severity: minor
I get the error that the file permissions are insecure though they match the requirements documented in the README:
$ cryptdisks_start win-dat
Starting crypto disk...Owner is 1
win-dat: INSECURE OWNER FOR /etc/keys/win-dat.luks, see /usr/share/doc/cryptsetup/README.Debian. ... (warning).
win-dat (running)...done.
$ ls -la /etc/keys/win-dat.luks
-r--------. 1 root root 33 2009-09-23 10:10 /etc/keys/win-dat.luks
The problem must be in file "/lib/cryptsetup/cryptdisks.functions" of package "cryptsetup" in line 677:
OWNER=$(ls -l "$key" | sed 's/^.\{10\}[+]\?.[^[:space:]]* \([^[:space:]]*\).*/\1/')
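The results of the "ls -l /etc/keys/ | sed" command are just a bunch of lines of "1" and not "root". The mode string in the ls output above ends with a "." (ls prints it for a file that has an SELinux security context), so it is 11 characters long instead of 10; the single "." in the sed expression then consumes that character rather than the separating space, and the captured field is the link count "1" instead of the owner. Reading the owner with stat -c %U "$key" instead of parsing ls -l would not depend on the width of the mode column.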
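It's just a warning, so no package functionality is affected. On a system where ls prints the extra character, however, the warning appears for every keyfile regardless of its real owner, so it no longer singles out a keyfile whose owner is actually wrong.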
-- Package-specific info:
-- /proc/cmdline
BOOT_IMAGE=/vmlinuz-2.6.36-rc7-nouveau-2010-10-17 root=/dev/mapper/r750 ro security=selinux selinux=1
-- /etc/crypttab
#;// Modified by Raoul Bönisch <jkl345 at alice-dsl.net> :: `date` Tue Jan 12 11:07:39 CET 2010
# <target name> <source device> <key file> <options>
# transfer /dev/disk/by-uuid/c2303647-ba52-4708-a5ec-7180524fa60b /etc/keys/transfer.luks luks
r750 /dev/disk/by-uuid/b7c2db81-a5ba-4312-a0aa-81abca615ff4 none luks
resbckp /dev/disk/by-uuid/44895aa2-67f6-4942-8766-8b5e0585516d /etc/keys/resbckp.luks luks
win-dat /dev/disk/by-uuid/2300e8cf-5afc-4ab2-876c-aec2625c063c /etc/keys/win-dat.luks luks
sto-dat /dev/disk/by-uuid/bdd52005-4f1d-4151-98f7-d49f75510e2a none luks,noauto
din-1 /dev/disk/by-uuid/2bf30d4f-6b8d-4cce-a8f8-6012ba09af63 /etc/keys/din-1.luks luks,noauto
din-2 /dev/disk/by-uuid/0ead0a73-21a6-4f6b-a1f9-f21c884a2ffb /etc/keys/din-2.luks luks,noauto
bup-pub /dev/disk/by-uuid/1268f7fc-8c48-401e-bc9f-a776a8e78fb9 /etc/keys/bup-pub.luks luks,noauto
bup-prv /dev/disk/by-uuid/a79e4885-a6c5-472e-acf8-9910100cb037 /etc/keys/bup-prv.luks luks,noauto
shr-dat /dev/disk/by-uuid/01ab73eb-39fb-419b-a0f5-97a788399df9 /etc/keys/shr-dat.luks luks,noauto
picob-crypt /dev/disk/by-uuid/86b9176f-c564-46ff-aed7-2db0c2bb6036 /etc/keys/picob-crypt.luks luks,noauto
work /dev/disk/by-uuid/baa64e9b-d6dc-4bcf-8558-bafac09ee57b /etc/keys/work.luks luks,noauto
-- /etc/fstab
#;// Modified by Raoul Bönisch <jkl345 at alice-dsl.net> :: `date` Tue Jan 12 11:02:45 CET 2010
# to identify disks the partitions are on, use `sudo hdparm -i <device>`
# Seagate 750 GB harddrive
# Model=ST3750330AS, FwRev=SD15, SerialNo=5QK08VMZ
/dev/mapper/r750 / ext3 defaults 0 1
/dev/disk/by-uuid/de540268-aafb-4c7d-9134-b04d235723b1 /boot ext2 defaults 0 2
proc /proc proc defaults 0 0
# Maxtor 320 GB harddrive
# Model=Maxtor, FwRev=VA111900, SerialNo=V60S38XG
/dev/disk/by-uuid/166004106003F4F1 /media/win/sys ntfs-3g defaults,uid=wine,ro,noauto 0 0
/dev/mapper/win-dat /media/win/dat ntfs-3g defaults,uid=wine,noauto 0 0
/dev/mapper/resbckp /media/win/resbckp ext3 defaults,noauto 0 0
# Seagate 750 GB harddrive
# Model=ST3750330AS, FwRev=SD15, SerialNo=5QK07BM1
/dev/disk/by-uuid/5E54DB7C7F4A3CE8 /media/sto-sys ntfs-3g defaults,uid=wine,ro,noauto 0 0 # UNUSED
/dev/mapper/sto-dat /media/sto-dat ntfs-3g defaults,uid=wine,noauto 0 0
# when your /tmp directory is mounted on a journalled filesystem
#none /tmp/jack tmpfs defaults 0 0
tmp /tmp tmpfs defaults,size=4096m,mode=1777 0 0
/dev/hda /media/cdrom auto ro,noauto,user 0 0
# http://www.pro-linux.de/t_system/vfat-tipps.html
/dev/sdb1 /media/dino/hdd-750/1 ntfs-3g utf8,noauto,user,umask=022,uid=1009,gid=100 0 0
/dev/sdb2 /media/dino/hdd-750/2 ntfs-3g utf8,noauto,user,umask=022,uid=1009,gid=100 0 0
/dev/sdb3 /media/dino/hdd-750/3 ntfs-3g utf8,noauto,user,umask=022,uid=1009,gid=100 0 0
# USB harddrive von Dino (die Alte)
# /dev/sdc1 /media/dino/usb/1 vfat shortname=mixed,umask=022,iocharset=utf8,codepage=850,uid=1009,gid=1009,noauto,user,ro 0 0
# /dev/disk/by-uuid/4A585D194E4B4078 /media/dino/usb/2 ntfs-3g utf8,noauto,user,umask=022,uid=1009,gid=1009 0 0
/dev/sdX1 /media/dino/usb/1 vfat shortname=mixed,umask=022,iocharset=utf8,codepage=850,uid=1009,gid=1009,noauto,user,ro 0 0
/dev/disk/by-uuid/4A585D194E4B4078 /media/dino/usb/2 ntfs-3g noauto,user,umask=022,uid=1009,gid=1009 0 0
# mistral by CnMemory USB harddrive von Dino
# Disk identifier: 0x55329e71
/dev/disk/by-uuid/453F0A39274A2F28 /media/dino/cnm/1 ntfs-3g utf8,noauto,user,umask=022,uid=1009,gid=100 0 0
/dev/disk/by-uuid/7D4062BD7B40C75E /media/dino/cnm/2 ntfs-3g utf8,noauto,user,umask=022,uid=1009,gid=100 0 0
/dev/mapper/din-1 /media/dino/cnm/3 ntfs-3g defaults,uid=1009,gid=100,noauto 0 0
/dev/mapper/din-2 /media/dino/cnm/4 ntfs-3g defaults,uid=1009,gid=100,noauto 0 0
# mistral by CnMemory USB harddrive von Raoul (bup)
/dev/disk/by-uuid/1AC54F9B5C59C348 /media/bup-1 ntfs-3g defaults,uid=wine,noauto 0 0
/dev/disk/by-uuid/c41cd45c-0f54-4698-b5d5-f5545911e2fc /media/bup-2 ext4 defaults,noauto 0 0
/dev/mapper/bup-pub /media/bup/pub ntfs-3g defaults,uid=wine,noauto 0 0
/dev/mapper/bup-prv /media/bup/prv ext4 defaults,noauto 0 0
# mistral by CnMemory USB harddrive von Raoul (share)
# Disk /dev/sdc: 1000.2 GB, 1000204886016 bytes
# 255 heads, 63 sectors/track, 121601 cylinders
# Units = cylinders of 16065 * 512 = 8225280 bytes
# Disk identifier: 0xafc543f1
#
# Device Boot Start End Blocks Id System
# /dev/sdc1 * 1 6079 48829536 7 HPFS/NTFS
# /dev/sdc2 6080 12158 48829567+ 83 Linux
# /dev/sdc3 12159 121601 879100897+ 7 HPFS/NTFS
/dev/disk/by-uuid/3A74230F709BB169 /media/shr/1 ntfs-3g defaults,uid=wine,noauto 0 0
/dev/disk/by-uuid/a7a29f3b-0098-4abc-91a2-747d0e6b460a /media/shr/2 ext4 defaults,noauto 0 0
/dev/mapper/shr-dat /media/shr/dat ntfs-3g defaults,uid=wine,noauto 0 0
# Super Talent Pico 16GB usb stick Beaker (picob)
/dev/mapper/picob-crypt /media/picob-crypt ext2 defaults,noauto 0 0
# TrekStor USB stick von Dino
# Disk /dev/sdc: 2 GB, 2027945984 bytes
# 128 heads, 32 sectors/track, 967 cylinders
# Units = cylinders of 4096 * 512 = 2097152 bytes
#
# Device Boot Start End Blocks Id System
#/dev/sdc1 * 1 483 989168 e FAT16 LBA
#/dev/sdc2 484 967 989184 e FAT16 LBA
# /dev/disk/by-uuid/03A5-0DFE /media/work/1 vfat defaults,noauto 0 0
/dev/mapper/work /media/work/crypto vfat defaults,noauto 0 0
-- lsmod
Module Size Used by
mperf 1435 0
cpufreq_userspace 2184 0
cpufreq_powersave 1026 0
cpufreq_stats 3020 0
cpufreq_conservative 9488 0
sco 7948 2
bnep 10268 2
parport_pc 20638 0
ppdev 5592 0
lp 8831 0
parport 32026 3 parport_pc,ppdev,lp
l2cap 31113 3 bnep
crc16 1659 1 l2cap
bluetooth 51672 5 sco,bnep,l2cap
rfkill 17075 2 bluetooth
kvm_amd 37786 0
kvm 253114 1 kvm_amd
binfmt_misc 6941 1
uinput 7051 1
nfsd 260439 2
exportfs 3490 1 nfsd
nfs 248627 0
lockd 63712 2 nfsd,nfs
fscache 40372 1 nfs
nfs_acl 2381 2 nfsd,nfs
auth_rpcgss 37291 2 nfsd,nfs
sunrpc 194470 6 nfsd,nfs,lockd,nfs_acl,auth_rpcgss
act_police 3981 1
cls_u32 5697 1
sch_ingress 1770 1
sch_hfsc 11712 1
sch_sfq 5096 2
sch_prio 3623 3
xt_owner 1178 12
xt_DSCP 2093 9
xt_CLASSIFY 1027 9
xt_state 1258 2
xt_tcpudp 2387 76
xt_mark 1259 3
ipt_LOG 4866 1
xt_limit 1932 1
ipt_REJECT 2069 8
iptable_mangle 1631 1
iptable_nat 3814 0
nf_nat 16843 1 iptable_nat
nf_conntrack_ipv4 11177 5 iptable_nat,nf_nat
nf_conntrack 62936 4 xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4
nf_defrag_ipv4 1441 1 nf_conntrack_ipv4
iptable_filter 1650 1
ip_tables 15179 3 iptable_mangle,iptable_nat,iptable_filter
x_tables 20899 13 xt_owner,xt_DSCP,xt_CLASSIFY,xt_state,xt_tcpudp,xt_mark,ipt_LOG,xt_limit,ipt_REJECT,iptable_mangle,iptable_nat,iptable_filter,ip_tables
ext2 55260 1
w83627ehf 21704 0
hwmon_vid 2178 1 w83627ehf
snd_hda_codec_realtek 283311 1
nouveau 422699 2
snd_hda_intel 22326 4
ttm 54351 1 nouveau
snd_hda_codec 86875 2 snd_hda_codec_realtek,snd_hda_intel
drm_kms_helper 28206 1 nouveau
drm 190936 4 nouveau,ttm,drm_kms_helper
snd_hwdep 5922 1 snd_hda_codec
cuse 5408 3
fuse 58463 2 cuse
option 15829 0
usb_wwan 10729 1 option
snd_pcm 74452 3 snd_hda_intel,snd_hda_codec
usbserial 32574 2 option,usb_wwan
ohci_hcd 18643 0
snd_seq 46550 0
ehci_hcd 31309 0
snd_timer 19052 2 snd_pcm,snd_seq
snd_seq_device 5896 1 snd_seq
usbcore 142609 6 option,usb_wwan,usbserial,ohci_hcd,ehci_hcd
i2c_algo_bit 4626 1 nouveau
video 20575 1 nouveau
snd 59515 15 snd_hda_codec_realtek,snd_hda_intel,snd_hda_codec,snd_hwdep,snd_pcm,snd_seq,snd_timer,snd_seq_device
output 2255 1 video
sg 20017 0
sr_mod 13299 0
shpchp 23887 0
tpm_tis 8326 0
edac_core 39930 0
psmouse 49977 0
cdrom 32991 1 sr_mod
pci_hotplug 23945 1 shpchp
i2c_nforce2 5317 0
tpm 13907 1 tpm_tis
processor 29046 0
forcedeth 46092 0
soundcore 6619 1 snd
pata_amd 10882 0
evdev 7673 13
k8temp 3651 0
edac_mce_amd 8317 0
snd_page_alloc 7532 2 snd_hda_intel,snd_pcm
nls_base 8021 1 usbcore
i2c_core 22851 5 nouveau,drm_kms_helper,drm,i2c_algo_bit,i2c_nforce2
tpm_bios 5425 1 tpm
pcspkr 1862 0
serio_raw 4102 0
button 5718 1 nouveau
ext3 111406 1
jbd 43126 1 ext3
mbcache 6964 2 ext2,ext3
sha256_generic 9551 6
aes_x86_64 7808 6
aes_generic 27263 1 aes_x86_64
cbc 2689 3
dm_crypt 10728 3
dm_mod 64018 5 dm_crypt
sd_mod 28197 6
crc_t10dif 1515 1 sd_mod
ata_generic 3507 0
sata_nv 20101 4
libata 166568 3 pata_amd,ata_generic,sata_nv
scsi_mod 182958 4 sg,sr_mod,sd_mod,libata
thermal 13224 0
thermal_sys 13940 3 video,processor,thermal
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.36-rc7-nouveau-2010-10-17 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages cryptsetup depends on:
ii dmsetup 2:1.02.48-3 The Linux Kernel Device Mapper use
ii libc6 2.11.2-6 Embedded GNU C Library: Shared lib
ii libdevmapper1.02.1 2:1.02.48-3 The Linux Kernel Device Mapper use
ii libpopt0 1.16-1 lib for parsing cmdline parameters
ii libuuid1 2.17.2-3.3 Universally Unique ID library
cryptsetup recommends no packages.
Versions of packages cryptsetup suggests:
ii busybox 1:1.17.1-4 Tiny utilities for small and embed
ii dosfstools 3.0.9-1 utilities for making and checking
ii initramfs-tools [linux-initra 0.98.4 tools for generating an initramfs
ii udev 161-1 /dev/ and hotplug management daemo
-- no debconf information