[Bug 474258] Re: Extremely dangerous! cryptswap killed my partition

Cezary Baginski 474258 at bugs.launchpad.net
Sat Feb 18 02:21:44 UTC 2012


I have a patch and a workaround.

PATCH
======
I refactored the code to expose the bug and make it easier to test edge cases:

https://code.launchpad.net/~cezary0/cryptsetup/bugfix474258_refactored

If anyone can think of other/related issues, edge cases or useful test
cases - let me know and I'll try to add the tests, so we can nail this
once and for all. One I'm still thinking about is when an encrypted
partition takes the same device name as the crypttab tmp entry - you
might lose that encrypted partition even with the patch (workaround
below).

I did consider some weird cases where a new partition contains 2
filesystem headers (reported by wipefs), that can confuse blkid, but
this is probably too obscure and statistically improbable or not
dangerous.

WORKAROUND (identify by partition size instead of label or UUID)
=====================================================
If you want to protect yourself from possibly losing data, you can do the following:

1. Add "precheck" option to every swap entry in crypttab
2. Set CRYPTDISKS_PRECHECK in /etc/default/cryptdisks to a script returning a nonzero value for any device that has data on it.
3. Patch cryptdisks.functions, because the condition is just wrong

Example:

1. add "precheck" in /etc/crypttab:

    cryptswap2 /dev/sda28 /dev/urandom swap,precheck,cipher=aes-cbc-essiv:sha256

2. set variable in /etc/default/cryptdisks:

    CRYPTDISKS_PRECHECK=/usr/local/lib/chk_size

3. sudo mkdir -p /usr/local/lib && sudo touch /usr/local/lib/chk_size

4. sudo chmod 0755 /usr/local/lib/chk_size

5. discover the size of the partition you want to use:

    sudo sfdisk -s /dev/sda28 # gives partition size

6. create and edit /usr/local/lib/chk_size:

    #!/bin/sh
    EXPECTED_SIZE=2097152  # set to above size
    [ "$(sfdisk -s "$1")" -eq "$EXPECTED_SIZE" ]

7. patch /lib/cryptsetup/cryptdisks.functions:

# Fix it like this (changes: "" -> "!("; "!=" -> "="; "! /lib" -> "/lib"; "null;" -> "null);" ):

    if ! pre_out=$("$PRECHECK" "$src" 2> /dev/null) && \
       ! ( [ "$MAKESWAP" = "yes" ] && \
       /lib/cryptsetup/checks/blkid "$src" swap >/dev/null); then
        log_warning_msg "$dst: the precheck for '$src' failed: $pre_out"
        return 1
    fi

# NOTE: paste to replace the whole section, because it's too easy to make a mistake

P.S. Use backups / RAID / etc anyway - it ultimately costs less money
and time.

-- 
https://bugs.launchpad.net/bugs/474258

Title:
  Extremely dangerous! cryptswap killed my partition

Status in “cryptsetup” package in Ubuntu:
  Triaged
Status in “cryptsetup” source package in Precise:
  Triaged
Status in “cryptsetup” package in Debian:
  New

Bug description:
  Binary package hint: cryptmount

  9.10 installed with encrypted "home".
  Had root on /dev/sda1, swap on /dev/sda2, and manually created "data" partition on "/dev/sda3"
  When I deleted /dev/sda2 partition (wanted to move swap to the second HDD) - ubuntu killed my "data" partition!
  I suppose the problem is that /dev/sda3 became /dev/sda2 and the cryptswap utility just killed all the data (about 80 gigs!), because /dev/sda2 is in the /etc/crypttab file as a swap partition...
  Cryptswap should check the type of partition before mounting it as swap.
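
Added example (not part of the original message and not cryptsetup code): the precheck condition from step 7 before and after the fix, evaluated for every input combination. The "old" form is reconstructed by reversing the four changes listed in step 7; precheck(), blkid_swap() and the *_refuses helpers are hypothetical stand-ins for "$PRECHECK" "$src" and /lib/cryptsetup/checks/blkid "$src" swap.

```shell
#!/bin/sh
# Stubs driven by variables so each case can be tried without touching a disk.
precheck()   { [ "$PRECHECK_OK" = "yes" ]; }    # stands in for "$PRECHECK" "$src"
blkid_swap() { [ "$HAS_SWAP_SIG" = "yes" ]; }   # stands in for checks/blkid "$src" swap

# Condition before the fix (reconstructed from the change list in step 7).
old_refuses() {
    PRECHECK_OK=$1 MAKESWAP=$2 HAS_SWAP_SIG=$3
    if ! precheck && \
       [ "$MAKESWAP" != "yes" ] && \
       ! blkid_swap; then
        return 0    # device refused, setup stops
    fi
    return 1        # setup continues on this device
}

# Condition as given in the fix from step 7.
new_refuses() {
    PRECHECK_OK=$1 MAKESWAP=$2 HAS_SWAP_SIG=$3
    if ! precheck && \
       ! ( [ "$MAKESWAP" = "yes" ] && \
       blkid_swap ); then
        return 0
    fi
    return 1
}

# Verdict of both conditions for all eight combinations of the three inputs.
truth_table() {
    for p in yes no; do for m in yes no; do for s in yes no; do
        old=continue; new=continue
        if old_refuses "$p" "$m" "$s"; then old=refuse; fi
        if new_refuses "$p" "$m" "$s"; then new=refuse; fi
        echo "precheck_ok=$p makeswap=$m swap_sig=$s old=$old new=$new"
    done; done; done
}
truth_table
```

The row precheck_ok=no makeswap=yes swap_sig=no is the case from the bug description: a swap entry whose device no longer looks like swap and fails the precheck. The old condition continues there; the fixed one refuses.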
