[pkg-cryptsetup-devel] Bug#714380: cryptsetup: not all crypttab options supported in cryptroot. should be documented or support added

Christoph Anton Mitterer calestyo at scientia.net
Fri Jun 28 15:28:59 UTC 2013


Package: cryptsetup
Version: 2:1.4.3-4
Severity: normal
Tags: security


Hi.

It seems not all crypttab options are supported in cryptroot, right?
At least this seems to be true for check and precheck.
And obviously also for what one has set in /etc/default/cryptdisks

I think this needs to be properly documented.
- /etc/default/cryptdisks should name where its settings are used
(AFAICS the two initscripts and cryptdisk_start/stop) and where not
(cryptroot).
- it should also be documented in the manpage.

This is especially important, as users may rely on this for security
reasons, but (as in case of check/precheck) might not even notice
that nothing happens.


From what I can see when looking at the manpages vs. cryptroot script
(I just looked at the part that does the parsing of /conf/conf.d/ so not
sure whether these values are really used then in all cases):

cipher, size, hash, keyscript, tries, discard
=> supported in both

target, source, key, rootdev
=> special to cryptroot, not needed in the normal system respectively
directly read from crypttab there

swap, tmp, noearly, noauto
=> makes no sense to have this in cryptroot
but I think we should a) document this, b) give a warning during initramfs
creation, that these were found but ignored


lvm
=> asked that in the other bug already, what it is actually used for


But...



offset, skip
=> seem to be not supported in cryptroot... any reason for it?

readonly
=> seems to be not supported in cryptroot...
I'm not sure whether it makes much sense to have a read-only dmcrypt root device
But why not support it.. if some users want this on... who knows
e.g. embedded systems?

verify
=> seems to be not supported in cryptsetup... though I'm not sure whether
this makes sense for it (I wouldn't even know why I would want to use that
at all but in cases of luksFormat)?!

luks
=> For the meta attacks I've mentioned, I'd suggest we take this over in
conf/conf.d/cryptroot as well...
If luks is there... only set up luks devices... if not... only setup plain
devices.
This doesn't cost measurable performance... and better safe than sorry.

precheck, check and checkargs
=> think we should definitely support these in cryptroot and handle them
analogously to the normal system (i.e. also include /etc/default/cryptdisks
in the initrd) and use it... also default to the isLuks check for luks devices
and the un-blkid for devices without the "luks" flag.

loud, quiet
=> not supported... but we could add these to conf/conf.d/cryptroot
and scripts could use it to control verbosity
With respect to the meaning of loud ("Print warnings if a device does not exist.")...
as said... for security reasons, it's very stupid if we don't abort the boot
process when any of the devices in conf/conf.d/cryptroot couldn't be set up
as expected.


What do you think? If you agree, I could assist with patches.

Cheers,
Chris.
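
The warning at initramfs creation that the message proposes, sketched as an added example; it is not part of the original message and not code from the cryptsetup package. The option classification mirrors the lists in the message, and every function and variable name is hypothetical.

```shell
# Added illustration, not code from the cryptsetup package. The option lists
# mirror the message's reading of cryptsetup 2:1.4.3-4 and are an assumption
# for any other version. All function and variable names are hypothetical.
CARRIED="cipher size hash keyscript tries discard"   # listed as supported in both
NO_EFFECT="swap tmp noearly noauto"                   # listed as making no sense in cryptroot

# classify_opt NAME: prints carried, no-effect or ignored.
# Anything in neither list is reported as ignored.
classify_opt() {
    case " $CARRIED " in *" $1 "*) echo carried; return 0 ;; esac
    case " $NO_EFFECT " in *" $1 "*) echo no-effect; return 0 ;; esac
    echo ignored
}

# audit_crypttab: reads crypttab lines on stdin, prints "target: class: option"
# for every option that is not carried over, returns 1 if any was found.
audit_crypttab() {
    found=0
    while read -r target source key opts rest; do
        case "$target" in ''|'#'*) continue ;; esac
        if [ -z "$opts" ]; then continue; fi
        old_ifs=$IFS; IFS=,; set -f
        set -- $opts                 # split the comma-separated option field
        IFS=$old_ifs; set +f
        for opt in "$@"; do
            name=${opt%%=*}          # drop "=value"
            class=$(classify_opt "$name")
            if [ "$class" != carried ]; then
                echo "$target: $class: $name"
                found=1
            fi
        done
    done
    return "$found"
}

# Constructed sample input (placeholder UUID, not from the bug report).
sample_crypttab() {
    cat <<'EOF'
# <target> <source> <key file> <options>
sda2_crypt UUID=00000000-0000-0000-0000-000000000000 none luks,discard,check=blkid,tries=3
swap_crypt /dev/sda3 /dev/urandom swap,cipher=aes-xts-plain64,size=256
data_crypt /dev/sdb1 none
EOF
}

sample_crypttab | audit_crypttab ||
    echo "warning: the options listed above are not applied by cryptroot" >&2
```

The non-zero return status lets a calling hook decide whether to only warn or to stop the initramfs build.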


