Summary: cryptsetup scripts perform no checks before running mkswap/mkfs with encrypted swap/temp
Product: Gentoo Linux
Reporter: Hopeless <hopeless>
Component: New packages
Assignee: Benjamin Smee (strerror) (RETIRED) <strerror>
Package list:
Runtime testing required: ---
Description Hopeless 2007-09-23 16:41:15 UTC
The dm-crypt-start script supplied with sys-fs/cryptsetup-1.0.5 (and cryptsetup-luks) doesn't perform any checks on the devices given when running mkswap. It's understandable as there is nothing to check, but cryptsetup supports leaving some unencrypted space at the beginning of the device given, which could easily be used to check for persistent data. I came up with a really simple mod to the script to perform such a check, which I've been using for about a month now. It requires writing some string (I'm using a uuid) to the device in question and then adding "header=" to the conf.d file with the uuid value. I'm sure there are better ways to do this, but this way is fairly simple and it works perfectly. I'll attach a patch against 1.0.5-dm-crypt-start.sh, but please read the forum thread for further info.
Reproducible: Always
Comment 1 Hopeless 2007-09-23 16:46:57 UTC
Created attachment 131715: 1.0.5-dm-crypt-start.sh patch
It should also be fairly trivial to use the same check for temp filesystems, by creating a temp= setting working in the same way as the swap= one. I don't use any encrypted temp filesystem myself, but if there is any interest I'd be happy to give a shot at adding it. Also, please excuse the numerous typos in this bug report.
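The guard the reporter describes, as an added example written for this page: it is not the Gentoo dm-crypt-start script and not the attached patch. The idea is the one in the report: a known marker (the reporter uses a uuid) is written into the unencrypted space cryptsetup can leave at the start of the raw device (its --offset option), and mkswap runs only if that marker is still there, so a device that was renamed or reassigned to something else is refused. The names check_swap_header, write_swap_header, guarded_mkswap, MKSWAP_CMD and the assumption that the expected value comes from a "header" setting for that swap entry are all hypothetical; the demo uses a temporary file in place of a partition so it runs without touching any real device.

```shell
#!/bin/sh
# Added example, not the Gentoo dm-crypt-start script or the reporter's patch.
# Assumptions (hypothetical): the marker sits in the first bytes of the raw
# device, before the encrypted region cryptsetup maps at --offset, and the
# expected value is the "header" setting of the swap entry in the conf file.

# check_swap_header DEVICE EXPECTED
# Succeeds (returns 0) only when the first ${#EXPECTED} bytes of DEVICE equal
# EXPECTED. An empty EXPECTED fails closed rather than matching everything.
check_swap_header() {
    dev=$1
    expected=$2
    [ -n "$expected" ] || return 1
    [ -r "$dev" ] || return 1
    # dd with bs=1 reads exactly the marker length (POSIX, unlike head -c).
    actual=$(dd if="$dev" bs=1 count="${#expected}" 2>/dev/null)
    [ "$actual" = "$expected" ]
}

# write_swap_header DEVICE MARKER
# Writes MARKER at offset 0 of DEVICE without truncating it; conv=notrunc
# matters when DEVICE is a regular file standing in for a partition.
write_swap_header() {
    printf '%s' "$2" | dd of="$1" conv=notrunc 2>/dev/null
}

# guarded_mkswap DEVICE EXPECTED
# Same contract the report asks for: when a header is configured, mkswap runs
# only after the marker check passes; when none is configured, behaviour is
# unchanged. MKSWAP_CMD can be overridden (e.g. "true") for a dry run.
guarded_mkswap() {
    dev=$1
    expected=$2
    if [ -n "$expected" ] && ! check_swap_header "$dev" "$expected"; then
        echo "refusing mkswap on $dev: expected header not found" >&2
        return 1
    fi
    "${MKSWAP_CMD:-mkswap}" "$dev"
}

# Constructed demo on a temporary file that stands in for a swap partition.
demo() {
    MKSWAP_CMD=true
    marker='6f1c2d3e-constructed-marker'
    fake_dev=$(mktemp)
    # Junk content first, as a device that now belongs to something else looks.
    printf 'not-our-marker-at-all\n' > "$fake_dev"
    if guarded_mkswap "$fake_dev" "$marker"; then
        rm -f "$fake_dev"
        echo "unexpected: ran on an unmarked device"
        return 1
    fi
    # Mark the device once, as an admin would before enabling the check.
    write_swap_header "$fake_dev" "$marker"
    guarded_mkswap "$fake_dev" "$marker" || { rm -f "$fake_dev"; return 1; }
    rm -f "$fake_dev"
    echo "guard behaves as intended"
}
```

Usage: run `demo` from the script, or source the file and call `guarded_mkswap /dev/sdXn "$header"` from the place where the script currently calls mkswap. The marker only survives because the encrypted mapping starts after it; without an offset, mkswap on the mapped device would overwrite the start of the raw device and the check would fail on the next boot.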
Comment 2 Benjamin Smee (strerror) (RETIRED) 2007-09-28 13:54:57 UTC
I'm not quite sure why you want it to check? Are you trying to protect against the possibility that a user accidentally defines a partition that they don't want as swap? If I understand your patch correctly, you want users to echo a string to the swap device to mark it as swap and then put that string in a new var in /etc/conf.d/dmcrypt? Why not just correctly define the swap in the first place? While I like your patch in concept, I tend not to agree with trying to guess what mistakes people can make and then protecting them from it. Let me know shortly precisely why you want this implemented or what scenario I'm not thinking about, or I will mark this as "wont-fix", as it simply adds complexity for no real reason that I can see.
Comment 3 Hopeless 2007-09-28 14:16:33 UTC
I was actually thinking more of devices being renamed than simple user error; for example, numerous issues on the forums have cropped up recently where devices formerly created as /dev/hd* are now /dev/sd*, and even vice versa. And while I acknowledge that in most cases this causes the boot to fail long before this script is run, the fact that mkswap (or mkfs) runs on any device at boot time without any checks is enough to make me nervous. Also, one of the beauties of these changes is that there is no added complexity if you don't define the "header" variable; it simply keeps working as before. User error is another reason, but more in the case of changing partition layouts and updating fstab without updating the dmcrypt conf file too; I almost got caught by this myself once. I do see your point though, and will certainly understand if you mark this as wont-fix. Thanks for taking an interest one way or the other.
Comment 4 Benjamin Smee (strerror) (RETIRED) 2007-09-28 14:26:54 UTC
I might add it anyway, as it is a nice little feature; the problem is documenting this properly, because if I'm not careful I'll end up giving seemingly long and unnecessary instructions in post_install() for 99% of users. I'll have a think about it.
Comment 5 Benjamin Smee (strerror) (RETIRED) 2007-10-02 15:49:03 UTC
I've made some changes in 1.0.5-r1. Let me know if you think that solves the problem. I still like the idea of what you've done here, just don't think it's necessary at this point.