[pkg-cryptsetup-devel] Bug#652497: cryptdisks: danger in swap
A Mennucc
mennucc1 at debian.org
Sat Dec 17 19:35:09 UTC 2011
Package: cryptsetup
Version: 2:1.3.0-3
Severity: important
File: cryptdisks
hi
'cryptdisks' eases the use of crypted swap partitions,
the instructions in /usr/share/doc/cryptsetup/README.Debian.gz
are very easy; but there is an intrinsic danger.
Indeed, if there is a line such as
cswap1 /dev/sdaXX /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256,hash=sha256
in /etc/crypttab, then, at boot, the OS will happily overwrite
whatever is contained in /dev/sdaXX.
So if for any reason the partition /dev/sdaXX, after a reboot,
points to a different partition/disk, it will be wiped out.
(This does happen sometimes: when the user repartitions the disk,
or has many disks and swaps them, or the BIOS
discovers them in a different order).
I tried to use
cswap1 UUID=.... /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256,hash=sha256
but it works only once, the UUID is destroyed during use
a.
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.1.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=it_IT.utf8, LC_CTYPE=it_IT.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages cryptsetup depends on:
ii debconf [debconf-2.0] 1.5.41
ii dmsetup 2:1.02.67-2
ii libc6 2.13-21
ii libcryptsetup1 2:1.3.0-3
ii libpopt0 1.16-1
cryptsetup recommends no packages.
Versions of packages cryptsetup suggests:
ii busybox 1:1.19.3-4
ii dosfstools 3.0.12-1
ii initramfs-tools [linux-initramfs-tool] 0.99
ii liblocale-gettext-perl 1.05-7+b1
ii udev 175-3
-- debconf information excluded
--
Andrea Mennucc
"E' un mondo difficile. Che vita intensa!" (Tonino Carotone)
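
An added example, not part of the original report or of the cryptsetup package: a small Python linter for crypttab text that flags the two cases the report describes, a random-key swap entry on a kernel-enumerated device name and one addressed by UUID. The sample entries, the device names and the by-id path are constructed; also flagging the `tmp` option and the `LABEL=` form, and leaving /dev/disk/by-id paths unflagged, are assumptions of this example.

```python
import re

# Kernel-enumerated names: the letter/number depends on discovery order.
UNSTABLE_DEV = re.compile(
    r"^/dev/(sd[a-z]+|hd[a-z]+|vd[a-z]+|xvd[a-z]+|nvme\d+n\d+|mmcblk\d+)(p?\d+)?$")
RANDOM_KEYS = {"/dev/urandom", "/dev/random"}
# Options that make the boot scripts write a new swap area or filesystem.
REFORMAT_OPTS = {"swap", "tmp"}

# Constructed sample crypttab (not taken from a real system).
SAMPLE = """\
# <target> <source> <key file> <options>
cswap1 /dev/sda5 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256,hash=sha256
cswap2 UUID=00000000-0000-0000-0000-000000000000 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256,hash=sha256
cswap3 /dev/disk/by-id/ata-EXAMPLE_DISK-part5 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256,hash=sha256
home /dev/sda6 none luks
"""

def parse_crypttab(text):
    """Yield (lineno, target, source, keyfile, option names) for each entry."""
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue  # blank line, comment, or malformed entry
        keyfile = fields[2] if len(fields) > 2 else "none"
        opts = fields[3].split(",") if len(fields) > 3 else []
        yield lineno, fields[0], fields[1], keyfile, {o.split("=", 1)[0] for o in opts}

def audit(text):
    """Return (lineno, target, reason) for entries that are rewritten at boot
    and whose source may not name the same partition on the next boot."""
    findings = []
    for lineno, target, source, keyfile, opts in parse_crypttab(text):
        if keyfile not in RANDOM_KEYS or not (opts & REFORMAT_OPTS):
            continue  # fixed key or no reformat option: contents are preserved
        if UNSTABLE_DEV.match(source):
            findings.append((lineno, target, "unstable-device-name"))
        elif source.startswith(("UUID=", "LABEL=")):
            # Per the report: the identifier does not survive the first use.
            findings.append((lineno, target, "signature-lost-after-first-use"))
    return findings

if __name__ == "__main__":
    for lineno, target, reason in audit(SAMPLE):
        print(f"line {lineno}: {target}: {reason}")
```
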