[Bug 655804] New: losetup silently exits when no encryption key size is specified
https://bugzilla.novell.com/show_bug.cgi?id=655804
https://bugzilla.novell.com/show_bug.cgi?id=655804#c0

Summary: losetup silently exits when no encryption key size is specified
Classification: openSUSE
Product: openSUSE 11.4
Version: Factory
Platform: x86-64
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Basesystem
AssignedTo: puzel@novell.com
ReportedBy: pcerny@novell.com
QAContact: qa@suse.de
Found By: Development
Blocker: ---

When used in non-verbose mode, losetup silently exits when a cryptoloop device is set up without specifying the key size for the crypto module.

Either an error message mentioning the '-k' command line argument, which is new in version 2.18, should be printed, or a reasonable default value used.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=655804
https://bugzilla.novell.com/show_bug.cgi?id=655804#c

Petr Uzel <puzel@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P5 - None                   |P3 - Medium
             Status|NEW                         |ASSIGNED
  Status Whiteboard|                            |util-linux
https://bugzilla.novell.com/show_bug.cgi?id=655804
https://bugzilla.novell.com/show_bug.cgi?id=655804#c1

Petr Uzel <puzel@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |puzel@novell.com
         AssignedTo|puzel@novell.com            |lnussel@novell.com

--- Comment #1 from Petr Uzel <puzel@novell.com> 2010-11-29 11:07:19 UTC ---
Either an error message mentioning the '-k' command line argument, which is new in version 2.18, should be printed, or a reasonable default value used.
This is not in upstream util-linux-ng, but implemented in Ludwig's patch that is in openSUSE at least since 11.1.

# losetup -a
# losetup -e aes /dev/loop0 file
Password:
# losetup -v -e aes /dev/loop0 file
Password:
please specify a key length
# losetup -a
#

Obvious fix:

--- mount/lomount.c.orig 2010-11-29 11:44:05.000000000 +0100 +++ mount/lomount.c 2010-11-29 11:44:26.000000000 +0100 @@ -822,8 +822,7 @@ set_loop(const char *device, const char if(!loopinfo64.lo_encrypt_key_size) { if(!keysz) { - if(verbose) - fprintf(stderr, _("please specify a key length\n")); + fprintf(stderr, _("please specify a key length\n")); return 1; } loopinfo64.lo_encrypt_key_size = keysz>>3;

Apart from that, I don't know how to use the -k/-e anyway:

# losetup -v -e aes -k 256 /dev/loop0 file
Password:
ioctl: LOOP_SET_STATUS: Invalid argument

(file was created as dd if=/dev/zero of=file ...). Is this supposed to work?

Ludwig, the most important question is if we want to retain this patch in future openSUSE/SLE versions. As far as I see, it has been rejected by upstream u-l-ng because cryptoloop is considered deprecated (in favor of cryptsetup??).

Thanks.
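Review bot: the message on the added fprintf line in the set_loop() hunk of mount/lomount.c still does not name the '-k' option that the report asks for, and it does not say the value is given in bits (the context line stores keysz>>3 as lo_encrypt_key_size). A user who now sees the error still has to guess which flag to pass and in which unit. Consider wording along the lines of "please specify a key length in bits with -k". The return 1 on this path is unchanged, so the exit status stays the same and only the diagnostic becomes unconditional.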
https://bugzilla.novell.com/show_bug.cgi?id=655804
https://bugzilla.novell.com/show_bug.cgi?id=655804#c2

--- Comment #2 from Ludwig Nussel <lnussel@novell.com> 2010-11-30 08:48:47 CET ---
(In reply to comment #1)
Obvious fix: --- mount/lomount.c.orig 2010-11-29 11:44:05.000000000 +0100 +++ mount/lomount.c 2010-11-29 11:44:26.000000000 +0100 @@ -822,8 +822,7 @@ set_loop(const char *device, const char
if(!loopinfo64.lo_encrypt_key_size) { if(!keysz) { - if(verbose) - fprintf(stderr, _("please specify a key length\n")); + fprintf(stderr, _("please specify a key length\n")); return 1; } loopinfo64.lo_encrypt_key_size = keysz>>3;
Ack.
Apart from that, I don't know how to use the -k/-e anyway:
# losetup -v -e aes -k 256 /dev/loop0 file
Password:
ioctl: LOOP_SET_STATUS: Invalid argument
(file was created as dd if=/dev/zero of=file ...). Is this supposed to work?
You need to modprobe cryptoloop
Ludwig, the most important question is if we want to retain this patch in future openSUSE/SLE versions. As far as I see, it has been rejected by upstream u-l-ng because cryptoloop is considered deprecated (in favor of cryptsetup??).
In theory it's deprecated, yes. Last time I tried to get rid of the old patch (ie 3 years ago) there were still people that had encrypted loop images in /etc/fstab. I think even today cryptoloop is still the only way to allow users to mount encrypted images. The integration of dmcrypt into mount never happened. So SUSE and Debian kept that patch.
https://bugzilla.novell.com/show_bug.cgi?id=655804
https://bugzilla.novell.com/show_bug.cgi?id=655804#c3

--- Comment #3 from Petr Cerny <pcerny@novell.com> 2010-11-30 09:51:37 UTC ---
(In reply to comment #2)
I think even today cryptoloop is still the only way to allow users to mount encrypted images.
dm-crypt can be used as well. As far as I remember, the catch is that losetup uses the password directly as key (optionally padded with zeros). So you can use e.g. cryptsetup if you force it to use unhashed password and ECB scheme (apart from the cipher/blocksize combination). Yet it probably isn't worth the effort to write a wrapper for mount just because of this.
https://bugzilla.novell.com/show_bug.cgi?id=655804
https://bugzilla.novell.com/show_bug.cgi?id=655804#c4

--- Comment #4 from Ludwig Nussel <lnussel@novell.com> 2010-11-30 11:07:20 CET ---
(In reply to comment #3)
(In reply to comment #2)
I think even today cryptoloop is still the only way to allow users to mount encrypted images.
dm-crypt can be used as well. As far as I remember, the catch is that losetup uses the password directly as key (optionally padded with zeros). So you can use e.g. cryptsetup if you force it to use unhashed password and ECB scheme (apart from the cipher/blocksize combination). Yet it probably isn't worth the effort to write a wrapper for mount just because of this.
That's the upstream util-linux behavior. Our patch adds password hashing. cryptsetup can set up such cryptoloop images just fine indeed, that's what boot.crypto does when reading /etc/cryptotab which was meant for use with cryptoloop. However, the problem is not the crypto stuff but the boring fact that mount is setuid root and the 'user' option allows unprivileged users to mount fstab entries. That's not possible with cryptsetup and /etc/crypttab.
https://bugzilla.novell.com/show_bug.cgi?id=655804
https://bugzilla.novell.com/show_bug.cgi?id=655804#c5

--- Comment #5 from Petr Uzel <puzel@novell.com> 2010-11-30 12:38:25 UTC ---
(In reply to comment #2)
(In reply to comment #1)
Obvious fix: --- mount/lomount.c.orig 2010-11-29 11:44:05.000000000 +0100 +++ mount/lomount.c 2010-11-29 11:44:26.000000000 +0100 @@ -822,8 +822,7 @@ set_loop(const char *device, const char
if(!loopinfo64.lo_encrypt_key_size) { if(!keysz) { - if(verbose) - fprintf(stderr, _("please specify a key length\n")); + fprintf(stderr, _("please specify a key length\n")); return 1; } loopinfo64.lo_encrypt_key_size = keysz>>3;
Ack.
Thanks. Submitted to Factory.
https://bugzilla.novell.com/show_bug.cgi?id=655804
https://bugzilla.novell.com/show_bug.cgi?id=655804#c6

Ludwig Nussel <lnussel@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
                 CC|                            |lnussel@novell.com
         Resolution|                            |FIXED
         AssignedTo|lnussel@novell.com          |puzel@novell.com

--- Comment #6 from Ludwig Nussel <lnussel@novell.com> 2010-12-01 09:38:43 CET ---
so closing as fixed