[pkg-cryptsetup-devel] Bug#652497: cryptdisks: danger in swap
C.M.
carsten.meissa at gmx.de
Sun Jan 29 10:20:15 UTC 2012
Package: cryptsetup
Version: 2:1.3.0-3.1
Followup-For: Bug #652497
Hi,
I can reproduce this error on current unstable.
(But looks the same for stable)
I believe the problem is caused by conditions
in /lib/cryptsetup/cryptdisks.functions
in the precheck-function do_noluks() lines 319-324
that explicitly disable the filesystem-check for
the source device if a swap target is about to be
started:
if ! pre_out=$("$PRECHECK" "$src" 2> /dev/null) && \
[ "$MAKESWAP" != "yes" ] && \
! /lib/cryptsetup/checks/blkid "$src" swap >/dev/null; then
log_warning_msg "$dst: the precheck for '$src' failed: $pre_out"
return 1
fi
-> The creation of an encrypted file system on the source device will
fail if blkid _finds_ a known filesystem on the source device that is
something other than swap AND when there is no intention to create a swap device.
Indeed this checking works fine when trying to run an encrypted tmp on a known filesystem
like e.g. /.
Inversely these conditions imply that its fine to override a filesystem if it either used
to be a swap partition or override any other filesystem type if you
want to put an encrypted swap on it.
Removing the second (and third if you wish) condition will
make
cryptdisks_start /dev/sdXX
fail if there is already a proper well-known filesystem on it.
Still, I don't know if that interferes with the installer or so...
C.M.
-- Package-specific info:
-- /proc/cmdline
BOOT_IMAGE=/boot/vmlinuz-3.2.0-1-amd64 root=UUID=1b19e06e-da62-45dc-bd12-f1b477b96f0c ro
-- /etc/crypttab
# <target name> <source device> <key file> <options>
swap_crypt /dev/sdb1 /dev/urandom cipher=aes-cbc-essiv:sha256,size=128,swap
-- /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
# / was on /dev/sda1 during installation
UUID=1b19e06e-da62-45dc-bd12-f1b477b96f0c / ext3 errors=remount-ro 0 1
/dev/mapper/swap_crypt none swap sw 0 0
/dev/scd0 /media/cdrom0 udf,iso9660 user,noauto 0 0
-- lsmod
Module Size Used by
loop 22641 0
sha256_generic 16797 2
cryptd 14517 0
aes_x86_64 16796 2
aes_generic 33026 1 aes_x86_64
cbc 12754 1
dm_crypt 22586 1
dm_mod 63545 3 dm_crypt
snd_pcm 63900 0
snd_timer 22917 1 snd_pcm
snd 52850 2 snd_pcm,snd_timer
soundcore 13065 1 snd
snd_page_alloc 13003 1 snd_pcm
psmouse 64455 0
parport_pc 22364 0
serio_raw 12931 0
pcspkr 12579 0
evdev 17562 2
parport 31858 1 parport_pc
button 12937 0
processor 28059 0
i2c_piix4 12536 0
i2c_core 23876 1 i2c_piix4
thermal_sys 18040 1 processor
ext3 161867 1
jbd 56902 1 ext3
mbcache 13065 1 ext3
sd_mod 36136 4
crc_t10dif 12348 1 sd_mod
ata_generic 12479 0
floppy 53129 0
8139too 26492 0
ata_piix 25439 2
libata 140589 2 ata_generic,ata_piix
8139cp 22699 0
mii 12675 2 8139too,8139cp
scsi_mod 162417 2 sd_mod,libata
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-1-amd64 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages cryptsetup depends on:
ii debconf [debconf-2.0] 1.5.41
ii dmsetup 2:1.02.67-2
ii libc6 2.13-24
ii libcryptsetup1 2:1.3.0-3.1
ii libpopt0 1.16-3
cryptsetup recommends no packages.
Versions of packages cryptsetup suggests:
ii busybox 1:1.19.3-5
ii dosfstools <none>
ii initramfs-tools [linux-initramfs-tool] 0.99
ii liblocale-gettext-perl 1.05-7+b1
ii udev 175-3
-- debconf information:
cryptsetup/prerm_active_mappings: true
More information about the pkg-cryptsetup-devel
mailing list