|Summary:||publicly exports dm key information|
|Product:||udisks||Reporter:||Martin Pitt <martin.pitt>|
|Component:||detection||Assignee:||David Zeuthen (not reading bugmail) <zeuthen>|
|Status:||RESOLVED FIXED||QA Contact:|
|i915 platform:||i915 features:|
Description Martin Pitt 2010-04-06 09:32:12 UTC
Original bug: http://bugs.debian.org/576687 udisks exports the device-mapper table data to udev. This data includes encryption keys. | E:UDISKS_DM_TARGETS_COUNT=1 | E:UDISKS_DM_TARGETS_TYPE=crypt | E:UDISKS_DM_TARGETS_START=0 | E:UDISKS_DM_TARGETS_LENGTH=1467585 | E:UDISKS_DM_TARGETS_PARAMS=aes-cbc-essiv:sha256\x20XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\x200\x208:5\x200 UDISKS_DM_TARGETS_PARAMS includes the complete table entry, in case of the crypt target this includes the key and iv type. udisks only needs UDISKS_DM_TARGETS_PARAMS for UDISKS_DM_TARGETS_TYPE == "linear", and is only interested in the major/minor of the device and the offset. So we should drop the key information for UDISKS_DM_TARGETS_TYPE == "crypt" or only explicitly set major/minor/offset, and/or not set UDISKS_DM_TARGETS_TYPE for anything != "linear".
Comment 1 Martin Pitt 2010-04-06 11:36:10 UTC
I committed a test for this, which fails right now: http://cgit.freedesktop.org/udisks/commit/?id=4670d2edfb615af94bd9d82d8fd12b7cf8d23b9d ====================================================================== FAIL: LUKS create/teardown ---------------------------------------------------------------------- Traceback (most recent call last): File "tests/run", line 735, in test_0_create_teardown self.failIf('essiv:sha' in out, 'key information in udev properties') AssertionError: key information in udev properties
Comment 2 David Zeuthen (not reading bugmail) 2010-04-06 12:58:15 UTC
(In reply to comment #0) > So we should drop the key information for UDISKS_DM_TARGETS_TYPE == "crypt" or > only explicitly set major/minor/offset, and/or not set UDISKS_DM_TARGETS_TYPE > for anything != "linear". How about just keeping it for linear mappings for the time being? In the future we can keep it for other device mapper targets as well - for example, we want this data for multipath in order to display state about each path etc. etc. etc.
Comment 3 Martin Pitt 2010-04-06 14:08:09 UTC
Before I go and touch any code, I added a new test case which exercises this code path by ensuring that DM partitions (kpartx'ed on a LV) have a correct PartitionSlave property (it involves parsing UDISKS_DM_TARGETS_PARAMS and various DM_* properties). When I disable the UDISKS_DM_TARGETS_PARAMS reading in udisks-part-id, this test case fails.
Comment 4 Martin Pitt 2010-04-06 14:08:50 UTC
(In reply to comment #2) > How about just keeping it for linear mappings for the time being? Works for me. Now that I have test cases for both ends, I'll work on that tomorrow (bedtime now). Thanks!
Comment 5 Martin Pitt 2010-04-06 23:16:27 UTC
Comment 6 Martin Pitt 2010-04-07 08:06:42 UTC
David, I think it's worth pushing out an 1.0.1 with this fix (I also made a couple of other fixes in trunk). Or do you want to wait for the CVE to arrive? (Someone requested one, as far as I understood from #udev).
Comment 7 Kurt Seifried 2010-04-07 19:01:52 UTC
From: Josh Bressers 4/7/10 7:08 PM Re: [oss-security] CVE Request -- udisks v1.0.0 -- (serious)information disclosure Please use CVE-2010-1149 for this. Thanks. -- JB