[dm-crypt] RC1/2 misbehaviour (bug?)

[dm-crypt] RC1/2 misbehaviour (bug?)

[Heinz Diehl]

Hi,

when recreating and assigning a new keyfile to a deleted keyslot, I'm getting asked
for an existing passphrase _two times_ :

 liesel:/home/htd # cryptsetup luksAddKey /dev/sda3 test.txt --key-slot 0
 Enter any passphrase: 
 Verify passphrase:

From time to time, a warning from device-mapper appears when creating a new
LUKS partition, saying:

 device-mapper: ioctl: unable to remove open device...
 
Both issues happens with RC1 and RC2. Just to let you know ;-)

Thanks,
Heinz.

Re: [dm-crypt] RC1/2 misbehaviour (bug?)

[Milan Broz]

On 10/09/2009 09:47 AM, Heinz Diehl wrote:
> Hi,
> 
> when recreating and assigning a new keyfile to a deleted keyslot, I'm getting asked
> for an existing passphrase _two times_ :
> 
>  liesel:/home/htd # cryptsetup luksAddKey /dev/sda3 test.txt --key-slot 0
>  Enter any passphrase: 
>  Verify passphrase:
> 
>>From time to time, a warning from device-mapper appears when creating a new
> LUKS partition, saying:
> 
>  device-mapper: ioctl: unable to remove open device...
>  
> Both issues happens with RC1 and RC2. Just to let you know ;-)

This is bug but not in cryptsetup.

Someone (probably from udev rule) scan all new devices - here temporary cryptsetup
keystore device.

It must not open these device types, usualy udev rule should contain something like

ENV{DM_UUID}=="CRYPT-TEMP-?*", GOTO="dm_last_rule"
ENV{DM_UUID}!="?*", ENV{DM_NAME}=="temporary-cryptsetup-?*", GOTO="dm_last_rule"

Run cryptsetup with --debug and also check syslog and you will see that it retries
the remove.

You will probably find error that temporary-cryptsetup-$PID device is open and cannot
be removed. Please report it to your distro as bug, you will need check who opened
this device (I guess it is blkid from some generic udev rule)

(This problem was quietly hidden in previous crypestup, because there was 1 second delay
before remove which was enough to hide this dangerous scan.)

Maybe I should add some message to debug about proces name opening that internal device...

Note that it is possible security problem - keystore device contains hashed master
key, no other process except cryptsetup should read that (and store anywhere in
unlocked memory).

(But some rules were written such way, that it scan all new devices in system.
Also it must not react to "add" event but only to "change" event in the case of DM devices.
See lvm & dm list devel for more info if needed, there are already bugs at least
for Debian and Fedora reported. Finally it will be solved by switching to udev rules from
lvm package which will be maintained by lvm/dm developers.)

Milan
--
mbroz@redhat.com

Re: [dm-crypt] RC1/2 misbehaviour (bug?)

[Heinz Diehl]

At Fri, 09 Oct 2009 12:47:42 +0200,
Milan Broz wrote:

> Run cryptsetup with --debug and also check syslog and you will see that it retries
> the remove.

Did it, you're right.
 
> You will probably find error that temporary-cryptsetup-$PID device is open and cannot
> be removed. Please report it to your distro as bug, you will need check who opened
> this device (I guess it is blkid from some generic udev rule)

Yes, I've seen this too. I'm on opensuse 11.1. 
 
> Maybe I should add some message to debug about proces name opening that internal device...

That would be helpful, thanks!
 
> Note that it is possible security problem - keystore device contains hashed master
> key, no other process except cryptsetup should read that (and store anywhere in
> unlocked memory).

This is ugly as hell. I will report this to the opensuse people and try to fix
this immediately on my system.
 
Thanks,
Heinz.