[pkg-cryptsetup-devel] Bug#652497: Bug#652497: cryptdisks: danger in swap

Jonas Meurer jonas at freesources.org
Sat Mar 10 00:47:18 UTC 2012


Hey,

On 29.01.2012 11:20, C.M. wrote:
> Package: cryptsetup Version: 2:1.3.0-3.1 Followup-For: Bug #652497
> 
> Hi, I can reproduce this error on current unstable. (But looks the
> same for stable)
> 
> I believe the problem is caused by conditions in
> /lib/cryptsetup/cryptdisks.functions in the precheck-function
> do_noluks() lines 319-324 that explicitly disable the
> filesystem-check for the source device if a swap target is about to
> be started:
> 
>     if ! pre_out=$("$PRECHECK" "$src" 2> /dev/null) && \
>        [ "$MAKESWAP" != "yes" ] && \
>        ! /lib/cryptsetup/checks/blkid "$src" swap >/dev/null; then
>         log_warning_msg "$dst: the precheck for '$src' failed: $pre_out"
>         return 1
>     fi
> 
> -> The creation of an encrypted file system on the source device
> will fail if blkid _finds_ a known filesystem on the source device
> that is something other than swap AND when there is no intention to
> create a swap device.
> 
> Indeed this checking works fine when trying to run an encrypted tmp
> on a known filesystem like e.g. /.
> 
> Inversely these conditions imply that it's fine to override a
> filesystem if it either used to be a swap partition or override any
> other filesystem type if you want to put an encrypted swap on it.
> 
> Removing the second (and third if you wish) condition will make
> 
> cryptdisks_start /dev/sdXX
> 
> fail if there is already a proper well-known filesystem on it.

Sorry for the long delay. To make a long story short: C.M. seems to
be right, and the check conditions for do_noluks() in
cryptdisks.functions seemed to be wrong. I hopefully fixed them now,
but didn't find time to properly test them yet.

I prepared packages with the fix. It would be great if you could give
them a try and report back. You can find the packages here:

http://people.debian.org/~mejo/debian/mejo-unstable/

Regards,
 jonas
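
The decision logic discussed in this thread, as an added example that is not part of the original message and is neither cryptsetup's code nor the fix in the packages above. It models the quoted condition next to the variant with the second and third conditions removed; the stub functions, the function names and the fstype values (none, swap, ext4) are assumptions for illustration, and no block device is touched.

```shell
#!/bin/sh
# Added illustration: stubs replace the real checks, nothing reads a device.

# Models "$PRECHECK" "$src": succeeds only when no known filesystem is found
# (assumption taken from the description in the report).
precheck_ok() { [ "$1" = "none" ]; }

# Models /lib/cryptsetup/checks/blkid "$src" swap: succeeds for a swap signature.
is_swap() { [ "$1" = "swap" ]; }

# Condition as quoted in the report. Args: fstype makeswap.
# Returns 1 to refuse the device, 0 to let setup proceed.
quoted_check() {
    fstype=$1 MAKESWAP=$2
    if ! precheck_ok "$fstype" && \
       [ "$MAKESWAP" != "yes" ] && \
       ! is_swap "$fstype"; then
        return 1
    fi
    return 0
}

# Variant proposed in the report: only the precheck result decides.
strict_check() {
    if ! precheck_ok "$1"; then
        return 1
    fi
    return 0
}

verdict() { if "$@"; then echo proceed; else echo refuse; fi; }

# Print one row per combination of existing signature and swap option.
decision_table() {
    for fstype in none swap ext4; do
        for makeswap in no yes; do
            printf 'found=%-5s swap-option=%-3s quoted=%-7s strict=%s\n' \
                "$fstype" "$makeswap" \
                "$(verdict quoted_check "$fstype" "$makeswap")" \
                "$(verdict strict_check "$fstype")"
        done
    done
}

decision_table
```

The row for an existing ext4 signature with the swap option set is the case the bug title refers to: the quoted condition lets setup proceed, while the strict variant refuses.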
