[Bug 1835096] Re: Unprivileged user can access LUKS keyfile
Seth Arnold
1835096 at bugs.launchpad.net
Tue Jul 2 18:40:24 UTC 2019
*** This bug is a duplicate of bug 1835095 ***
https://bugs.launchpad.net/bugs/1835095
** Information type changed from Private Security to Public Security
** This bug has been marked a duplicate of bug 1835095
Lubuntu initrd images leaking cryptographic secret when disk encryption is used
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to initramfs-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1835096
Title:
Unprivileged user can access LUKS keyfile
Status in initramfs-tools package in Ubuntu:
New
Status in lubuntu-meta package in Ubuntu:
New
Bug description:
Lubuntu 19.04 and newer uses Calamares as the installer. During the
installation, the user can choose to encrypt the entire disk (Full
Disk Encryption, FDE). Calamares creates a LUKS container (and an
EFI-System-Partition, when needed).
When booting, Grub asks for the passphrase to unlock the LUKS
container. For convenience, there is the keyfile "/crypto_keyfile.bin"
(600, root:root) which will be used later to unlock the LUKS container
again.
An unprivileged user can't copy or read the keyfile. But the keyfile
is also in the initrd.img.
Attack:
Even an unprivileged user has read-access to the initrd.img under /boot, so the attacker can execute:
(1) $ unmkinitramfs /boot/initrd.img-5.0.0.20-generic /tmp/initrd
(2) $ cp /tmp/initrd/main/crypto_keyfile.bin ~
DREAD (LOW = 1, MEDIUM = 2, HIGH = 3):
Damage: HIGH => This attack allows an attacker to get the keyfile
Reproducibility: HIGH => Works every time with access to the system
Exploitability: LOW/MEDIUM => You must have access to a shell and the unencrypted device (maybe in combination with another vulnerability)
Affected users: MEDIUM => Every user who uses Lubuntu 19.04 and newer in combination with FDE, maybe also other users
Discoverability: HIGH => The origin of this bug report is publicly logged: https://irclogs.ubuntu.com/2019/07/02/%23lubuntu.html#t10:26
DREAD-Rating: 12/13 of 15
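An added audit sketch for the exposure this report describes, not part of the bug report or of initramfs-tools: it flags initrd images that any local user can read and checks whether they list a file with the keyfile name from the report. The function names and the `INITRD_LISTER` and `KEYFILE_NAME` variables are hypothetical; the listing step assumes `lsinitramfs` from initramfs-tools is installed.

```shell
#!/bin/sh
# Added example: audit initrd images for embedded, world-readable key material.
# Function and variable names are illustrative, not from initramfs-tools.

KEYFILE_NAME="${KEYFILE_NAME:-crypto_keyfile.bin}"  # keyfile name from the report
INITRD_LISTER="${INITRD_LISTER:-lsinitramfs}"       # tool that lists image contents

# Print initrd images in directory $1 whose mode has the "others read" bit set.
world_readable_initrds() {
    find "$1" -maxdepth 1 -type f -name 'initrd.img*' -perm -004 2>/dev/null | sort
}

# Return 0 if image $1 lists a file named $KEYFILE_NAME, 1 if it does not,
# 2 if the image could not be listed (tool missing or listing failed).
initrd_has_keyfile() {
    command -v "$INITRD_LISTER" >/dev/null 2>&1 || return 2
    listing=$("$INITRD_LISTER" "$1" 2>/dev/null) || return 2
    # Strip directory components, then require an exact fixed-string match.
    printf '%s\n' "$listing" | sed 's|.*/||' | grep -qxF "$KEYFILE_NAME"
}

# Classify every world-readable image in $1 (default /boot).
# Prints "<STATUS> <path>" per image; returns 1 if any image is EXPOSED.
audit_boot_dir() {
    dir="${1:-/boot}"
    rc=0
    list=$(world_readable_initrds "$dir")
    [ -n "$list" ] || return 0
    while IFS= read -r img; do
        st=0
        initrd_has_keyfile "$img" || st=$?
        case $st in
            0) echo "EXPOSED $img"; rc=1 ;;   # readable by all and contains the keyfile
            1) echo "READABLE $img" ;;        # readable by all, no keyfile listed
            *) echo "UNKNOWN $img" ;;         # readable by all, contents not checked
        esac
    done <<EOF
$list
EOF
    return $rc
}
```

Source the file and run `audit_boot_dir /boot`; an `EXPOSED` line means the image is readable by every local user and contains the keyfile. initramfs-tools reads a `UMASK` setting from its configuration (see initramfs.conf(5)) that controls the mode of the images it generates.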