[pkg-cryptsetup-devel] Bug#600522: cryptsetup: Complaint about insecure mode of keyfiles though mode is secure

jkl345 at alice-dsl.net jkl345 at alice-dsl.net
Sun Oct 17 19:05:54 UTC 2010


Package: cryptsetup
Version: 2:1.1.3-3
Severity: minor


I get the error that the file permissions are insecure though they match the requirements documented in the README:

$ cryptdisks_start win-dat
Starting crypto disk...Owner is 1
win-dat: INSECURE OWNER FOR /etc/keys/win-dat.luks, see /usr/share/doc/cryptsetup/README.Debian. ... (warning).
win-dat (running)...done.

$ ls -la /etc/keys/win-dat.luks 
-r--------. 1 root root 33 2009-09-23 10:10 /etc/keys/win-dat.luks

The problem must be in file "/lib/cryptsetup/cryptdisks.functions" of package "cryptsetup" in line 677:

OWNER=$(ls -l "$key" | sed 's/^.\{10\}[+]\?.[^[:space:]]* \([^[:space:]]*\).*/\1/')

The results of the "ls -l /etc/keys/ | sed" command are just a bunch of lines of "1" and not "root".

It's just a warning, so no package functionality is affected.



-- Package-specific info:
-- /proc/cmdline
BOOT_IMAGE=/vmlinuz-2.6.36-rc7-nouveau-2010-10-17 root=/dev/mapper/r750 ro security=selinux selinux=1

-- /etc/crypttab
#;// Modified by Raoul Bönisch <jkl345 at alice-dsl.net> :: `date` Tue Jan 12 11:07:39 CET 2010
# <target name>	<source device>		<key file>	<options>
# transfer /dev/disk/by-uuid/c2303647-ba52-4708-a5ec-7180524fa60b /etc/keys/transfer.luks luks
r750 /dev/disk/by-uuid/b7c2db81-a5ba-4312-a0aa-81abca615ff4 none luks
resbckp /dev/disk/by-uuid/44895aa2-67f6-4942-8766-8b5e0585516d /etc/keys/resbckp.luks luks
win-dat /dev/disk/by-uuid/2300e8cf-5afc-4ab2-876c-aec2625c063c /etc/keys/win-dat.luks luks
sto-dat /dev/disk/by-uuid/bdd52005-4f1d-4151-98f7-d49f75510e2a none luks,noauto
din-1 /dev/disk/by-uuid/2bf30d4f-6b8d-4cce-a8f8-6012ba09af63 /etc/keys/din-1.luks luks,noauto
din-2 /dev/disk/by-uuid/0ead0a73-21a6-4f6b-a1f9-f21c884a2ffb /etc/keys/din-2.luks luks,noauto
bup-pub /dev/disk/by-uuid/1268f7fc-8c48-401e-bc9f-a776a8e78fb9 /etc/keys/bup-pub.luks luks,noauto
bup-prv /dev/disk/by-uuid/a79e4885-a6c5-472e-acf8-9910100cb037 /etc/keys/bup-prv.luks luks,noauto
shr-dat /dev/disk/by-uuid/01ab73eb-39fb-419b-a0f5-97a788399df9 /etc/keys/shr-dat.luks luks,noauto
picob-crypt /dev/disk/by-uuid/86b9176f-c564-46ff-aed7-2db0c2bb6036 /etc/keys/picob-crypt.luks luks,noauto
work /dev/disk/by-uuid/baa64e9b-d6dc-4bcf-8558-bafac09ee57b /etc/keys/work.luks luks,noauto

-- /etc/fstab
#;// Modified by Raoul Bönisch <jkl345 at alice-dsl.net> :: `date` Tue Jan 12 11:02:45 CET 2010
# to identify disks the partitions are on, use `sudo hdparm -i <device>`

# Seagate 750 GB harddrive
# Model=ST3750330AS, FwRev=SD15, SerialNo=5QK08VMZ
/dev/mapper/r750 / ext3 defaults 0 1
/dev/disk/by-uuid/de540268-aafb-4c7d-9134-b04d235723b1 /boot ext2 defaults 0 2

proc /proc proc	defaults 0 0

# Maxtor 320 GB harddrive
# Model=Maxtor, FwRev=VA111900, SerialNo=V60S38XG
/dev/disk/by-uuid/166004106003F4F1 /media/win/sys ntfs-3g defaults,uid=wine,ro,noauto 0 0
/dev/mapper/win-dat /media/win/dat ntfs-3g defaults,uid=wine,noauto 0 0
/dev/mapper/resbckp /media/win/resbckp ext3 defaults,noauto 0 0

# Seagate 750 GB harddrive
# Model=ST3750330AS, FwRev=SD15, SerialNo=5QK07BM1
/dev/disk/by-uuid/5E54DB7C7F4A3CE8 /media/sto-sys ntfs-3g defaults,uid=wine,ro,noauto 0 0	# UNUSED
/dev/mapper/sto-dat /media/sto-dat ntfs-3g defaults,uid=wine,noauto 0 0

# when your /tmp directory is mounted on a journalled filesystem
#none /tmp/jack tmpfs defaults 0 0

tmp /tmp tmpfs defaults,size=4096m,mode=1777 0 0

/dev/hda /media/cdrom auto ro,noauto,user 0 0


# http://www.pro-linux.de/t_system/vfat-tipps.html
/dev/sdb1 /media/dino/hdd-750/1 ntfs-3g utf8,noauto,user,umask=022,uid=1009,gid=100 0 0
/dev/sdb2 /media/dino/hdd-750/2 ntfs-3g utf8,noauto,user,umask=022,uid=1009,gid=100 0 0
/dev/sdb3 /media/dino/hdd-750/3 ntfs-3g utf8,noauto,user,umask=022,uid=1009,gid=100 0 0


# USB harddrive of Dino (the old one)
# /dev/sdc1 /media/dino/usb/1 vfat shortname=mixed,umask=022,iocharset=utf8,codepage=850,uid=1009,gid=1009,noauto,user,ro 0 0
# /dev/disk/by-uuid/4A585D194E4B4078 /media/dino/usb/2 ntfs-3g utf8,noauto,user,umask=022,uid=1009,gid=1009 0 0
/dev/sdX1 /media/dino/usb/1 vfat shortname=mixed,umask=022,iocharset=utf8,codepage=850,uid=1009,gid=1009,noauto,user,ro 0 0
/dev/disk/by-uuid/4A585D194E4B4078 /media/dino/usb/2 ntfs-3g noauto,user,umask=022,uid=1009,gid=1009 0 0


# mistral by CnMemory USB harddrive of Dino
# Disk identifier: 0x55329e71
/dev/disk/by-uuid/453F0A39274A2F28 /media/dino/cnm/1 ntfs-3g utf8,noauto,user,umask=022,uid=1009,gid=100 0 0
/dev/disk/by-uuid/7D4062BD7B40C75E /media/dino/cnm/2 ntfs-3g utf8,noauto,user,umask=022,uid=1009,gid=100 0 0
/dev/mapper/din-1 /media/dino/cnm/3 ntfs-3g defaults,uid=1009,gid=100,noauto 0 0
/dev/mapper/din-2 /media/dino/cnm/4 ntfs-3g defaults,uid=1009,gid=100,noauto 0 0


# mistral by CnMemory USB harddrive of Raoul (bup)
/dev/disk/by-uuid/1AC54F9B5C59C348 /media/bup-1 ntfs-3g defaults,uid=wine,noauto 0 0
/dev/disk/by-uuid/c41cd45c-0f54-4698-b5d5-f5545911e2fc /media/bup-2 ext4 defaults,noauto 0 0
/dev/mapper/bup-pub /media/bup/pub ntfs-3g defaults,uid=wine,noauto 0 0
/dev/mapper/bup-prv /media/bup/prv ext4 defaults,noauto 0 0


# mistral by CnMemory USB harddrive of Raoul (share)
# Disk /dev/sdc: 1000.2 GB, 1000204886016 bytes
# 255 heads, 63 sectors/track, 121601 cylinders
# Units = cylinders of 16065 * 512 = 8225280 bytes
# Disk identifier: 0xafc543f1
# 
#    Device Boot      Start         End      Blocks   Id  System
# /dev/sdc1   *           1        6079    48829536    7  HPFS/NTFS
# /dev/sdc2            6080       12158    48829567+  83  Linux
# /dev/sdc3           12159      121601   879100897+   7  HPFS/NTFS

/dev/disk/by-uuid/3A74230F709BB169 /media/shr/1 ntfs-3g defaults,uid=wine,noauto 0 0
/dev/disk/by-uuid/a7a29f3b-0098-4abc-91a2-747d0e6b460a /media/shr/2 ext4 defaults,noauto 0 0
/dev/mapper/shr-dat /media/shr/dat ntfs-3g defaults,uid=wine,noauto 0 0


# Super Talent Pico 16GB usb stick Beaker (picob)
/dev/mapper/picob-crypt /media/picob-crypt ext2 defaults,noauto 0 0


# TrekStor USB stick of Dino
# Disk /dev/sdc: 2 GB, 2027945984 bytes
# 128 heads, 32 sectors/track, 967 cylinders
# Units = cylinders of 4096 * 512 = 2097152 bytes
#
#   Device Boot      Start         End      Blocks   Id  System 
#/dev/sdc1   *           1         483      989168    e  FAT16 LBA
#/dev/sdc2             484         967      989184    e  FAT16 LBA
# /dev/disk/by-uuid/03A5-0DFE /media/work/1 vfat defaults,noauto 0 0
/dev/mapper/work /media/work/crypto vfat defaults,noauto 0 0

-- lsmod


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.36-rc7-nouveau-2010-10-17 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages cryptsetup depends on:
ii  dmsetup                      2:1.02.48-3 The Linux Kernel Device Mapper use
ii  libc6                        2.11.2-6    Embedded GNU C Library: Shared lib
ii  libdevmapper1.02.1           2:1.02.48-3 The Linux Kernel Device Mapper use
ii  libpopt0                     1.16-1      lib for parsing cmdline parameters
ii  libuuid1                     2.17.2-3.3  Universally Unique ID library

cryptsetup recommends no packages.

Versions of packages cryptsetup suggests:
ii  busybox                       1:1.17.1-4 Tiny utilities for small and embed
ii  dosfstools                    3.0.9-1    utilities for making and checking 
ii  initramfs-tools [linux-initra 0.98.4     tools for generating an initramfs
ii  udev                          161-1      /dev/ and hotplug management daemo

-- no debconf information
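
The mis-parse reported above can be reproduced without a LUKS device; the following is an added example, not part of the original report or of the cryptsetup package. It runs the sed expression quoted from line 677 over two constructed `ls -l` lines, one with the trailing `.` that GNU ls appends to the mode string when a file has an SELinux security context, and contrasts it with reading the numeric owner through GNU `stat -c %u`; the function names and sample lines are assumptions.

```shell
#!/bin/sh
# Added illustration. Only the sed expression comes from the bug report;
# function names and sample lines are constructed for this example.

# Extract the "owner" field from one line of `ls -l` output, using the
# expression quoted from /lib/cryptsetup/cryptdisks.functions line 677.
owner_from_ls_line() {
    printf '%s\n' "$1" |
        sed 's/^.\{10\}[+]\?.[^[:space:]]* \([^[:space:]]*\).*/\1/'
}

# Read the numeric owner from the inode instead of parsing a listing
# (GNU coreutils stat). The result does not depend on how ls renders
# ACL or SELinux markers after the mode string.
owner_uid_from_stat() {
    stat -c %u -- "$1"
}

# Return 0 when the file is owned by uid 0, 1 otherwise.
key_owned_by_root() {
    [ "$(owner_uid_from_stat "$1")" = "0" ]
}

# Constructed sample lines for the same key file.
PLAIN_LINE='-r-------- 1 root root 33 2009-09-23 10:10 /etc/keys/win-dat.luks'
DOT_LINE='-r--------. 1 root root 33 2009-09-23 10:10 /etc/keys/win-dat.luks'

# Why DOT_LINE goes wrong: ".\{10\}" consumes the ten mode characters,
# "[+]\?" matches nothing, the single "." then consumes the SELinux
# marker instead of the separating space, "[^[:space:]]*" matches the
# empty string, and the capture group lands on the link count.
demo() {
    printf 'plain listing  -> owner "%s"\n' "$(owner_from_ls_line "$PLAIN_LINE")"
    printf 'selinux marker -> owner "%s"\n' "$(owner_from_ls_line "$DOT_LINE")"
}

demo
```
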




