[Bug 1835096] Re: Unprivileged user can access LUKS keyfile

Seth Arnold 1835096 at bugs.launchpad.net
Tue Jul 2 18:40:24 UTC 2019


*** This bug is a duplicate of bug 1835095 ***
    https://bugs.launchpad.net/bugs/1835095

** Information type changed from Private Security to Public Security

** This bug has been marked a duplicate of bug 1835095
   Lubuntu initrd images leaking cryptographic secret when disk encryption is used

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to initramfs-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1835096

Title:
  Unprivileged user can access LUKS keyfile

Status in initramfs-tools package in Ubuntu:
  New
Status in lubuntu-meta package in Ubuntu:
  New

Bug description:
  Lubuntu 19.04 and newer use Calamares as the installer. During the
  installation, the user can choose to encrypt the entire disk (Full
  Disk Encryption, FDE). Calamares creates a LUKS container (and an
  EFI-System-Partition, when needed).

  When booting, Grub asks for the passphrase to unlock the LUKS
  container. For convenience, there is the keyfile "/crypto_keyfile.bin"
  (600, root:root) which will be used later to unlock the LUKS container
  again.

  An unprivileged user can't copy or read the keyfile. But the keyfile
  is also in the initrd.img.

  Attack:
  Even an unprivileged user has read-access to the initrd.img under /boot, so the attacker can execute:
  (1) $ unmkinitramfs /boot/initrd.img-5.0.0.20-generic /tmp/initrd
  (2) $ cp /tmp/initrd/main/crypto_keyfile.bin ~

  DREAD (LOW = 1, MEDIUM = 2, HIGH = 3):
  Damage: HIGH => This attack allows an attacker to get the keyfile
  Reproducibility: HIGH => Works every time with access to the system
  Exploitability: LOW/MEDIUM => You must have access to a shell and the unencrypted device (maybe in combination with another vulnerability)
  Affected users: MEDIUM => Every user who uses Lubuntu 19.04 and newer in combination with FDE, maybe also other users
  Discoverability: HIGH => The origin of this bug report is publicly logged: https://irclogs.ubuntu.com/2019/07/02/%23lubuntu.html#t10:26

  DREAD-Rating: 12/13 of 15

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1835096/+subscriptions
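
Added example, not part of the bug report or of initramfs-tools: a POSIX shell audit for the exposure described above. It flags initrd images that group or other can read and reports the UMASK value set in initramfs.conf and conf.d; the function names, default paths, override order and the strict "ends in 77" expectation are assumptions of this example.

```shell
#!/bin/sh
# Added audit example; not code from the bug report or from initramfs-tools.
# Usage: audit_initrd_exposure [BOOT_DIR] [CONF_DIR]

# Print initrd images under BOOT_DIR (default /boot) that group or other
# can read. Returns 1 when at least one such image exists.
exposed_initrds() {
    boot_dir=${1:-/boot}
    hits=$(find "$boot_dir" -name 'initrd.img-*' -type f \
               \( -perm -040 -o -perm -004 \) 2>/dev/null | sort)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Print the last UMASK= value found in initramfs.conf and conf.d/*, or
# "unset". Files are parsed as text, never sourced. Assumption: later
# files override earlier ones, as when a shell sources them in order.
configured_umask() {
    conf_dir=${1:-/etc/initramfs-tools}
    value=unset
    for f in "$conf_dir/initramfs.conf" "$conf_dir"/conf.d/*; do
        [ -f "$f" ] || continue
        v=$(sed -n 's/^[[:space:]]*UMASK="\{0,1\}\([0-7][0-7]*\).*/\1/p' "$f" |
            tail -n 1)
        [ -n "$v" ] && value=$v
    done
    printf '%s\n' "$value"
}

# Returns 0 only if no image is readable beyond its owner and UMASK ends
# in 77 (a strict expectation chosen for this example).
audit_initrd_exposure() {
    result=0
    if ! exposed_initrds "${1:-/boot}"; then
        echo "FAIL: initrd image(s) listed above are readable beyond the owner" >&2
        result=1
    fi
    um=$(configured_umask "${2:-/etc/initramfs-tools}")
    case $um in
        *77) ;;
        *) echo "FAIL: UMASK=$um; rebuilt images may be readable again" >&2
           result=1 ;;
    esac
    return "$result"
}
```

A failing result points at one of two conditions: an existing image whose mode lets non-owners read it, or a configuration under which the next rebuild would create such an image again.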


