Bug 27494 - publicly exports dm key information
Summary: publicly exports dm key information
Status: RESOLVED FIXED
Alias: None
Product: udisks
Classification: Unclassified
Component: detection (show other bugs)
Version: unspecified
Hardware: All All
: medium major
Assignee: David Zeuthen (not reading bugmail)
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-04-06 09:32 UTC by Martin Pitt
Modified: 2010-04-07 19:01 UTC (History)
1 user (show)

See Also:
i915 platform:
i915 features:

Attachments

Description Martin Pitt 2010-04-06 09:32:12 UTC 
Original bug: http://bugs.debian.org/576687


udisks exports the device-mapper table data to udev. This data includes encryption keys.

| E:UDISKS_DM_TARGETS_COUNT=1
| E:UDISKS_DM_TARGETS_TYPE=crypt
| E:UDISKS_DM_TARGETS_START=0
| E:UDISKS_DM_TARGETS_LENGTH=1467585
| E:UDISKS_DM_TARGETS_PARAMS=aes-cbc-essiv:sha256\x20XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\x200\x208:5\x200

UDISKS_DM_TARGETS_PARAMS includes the complete table entry, in case of the crypt target this includes the key and iv type.


udisks only needs UDISKS_DM_TARGETS_PARAMS for UDISKS_DM_TARGETS_TYPE == "linear", and is only interested in the major/minor of the device and the offset.

So we should drop the key information for UDISKS_DM_TARGETS_TYPE == "crypt" or only explicitly set major/minor/offset, and/or not set UDISKS_DM_TARGETS_TYPE for anything != "linear".
Comment 1 Martin Pitt 2010-04-06 11:36:10 UTC 
I committed a test for this, which fails right now:

http://cgit.freedesktop.org/udisks/commit/?id=4670d2edfb615af94bd9d82d8fd12b7cf8d23b9d

======================================================================
FAIL: LUKS create/teardown
----------------------------------------------------------------------
Traceback (most recent call last):
  File "tests/run", line 735, in test_0_create_teardown
    self.failIf('essiv:sha' in out, 'key information in udev properties')
AssertionError: key information in udev properties
Comment 2 David Zeuthen (not reading bugmail) 2010-04-06 12:58:15 UTC 
(In reply to comment #0)
> So we should drop the key information for UDISKS_DM_TARGETS_TYPE == "crypt" or
> only explicitly set major/minor/offset, and/or not set UDISKS_DM_TARGETS_TYPE
> for anything != "linear".

How about just keeping it for linear mappings for the time being? In the future we can keep it for other device mapper targets as well - for example, we want this data for multipath in order to display state about each path etc. etc. etc.
Comment 3 Martin Pitt 2010-04-06 14:08:09 UTC 
Before I go and touch any code, I added a new test case which exercises this code path by ensuring that DM partitions (kpartx'ed on a LV) have a correct PartitionSlave property (it involves parsing UDISKS_DM_TARGETS_PARAMS and various DM_* properties). When I disable the UDISKS_DM_TARGETS_PARAMS reading in udisks-part-id, this test case fails.
Comment 4 Martin Pitt 2010-04-06 14:08:50 UTC 
(In reply to comment #2)
> How about just keeping it for linear mappings for the time being?

Works for me. Now that I have test cases for both ends, I'll work on that tomorrow (bedtime now).

Thanks!
Comment 6 Martin Pitt 2010-04-07 08:06:42 UTC 
David, I think it's worth pushing out an 1.0.1 with this fix (I also made a couple of other fixes in trunk). Or do you want to wait for the CVE to arrive? (Someone requested one, as far as I understood from #udev).
Comment 7 Kurt Seifried 2010-04-07 19:01:52 UTC 
From: 	Josh Bressers   	4/7/10 7:08 PM 	  	
Re: [oss-security] CVE Request -- udisks v1.0.0 -- (serious)information disclosure
Please use CVE-2010-1149 for this.
Thanks.
-- 
   JB

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.