[Bug 2065510] Re: /lib/cryptsetup/scripts/decrypt_derived reveals encryption keys to non-root processes
Seth Arnold
2065510 at bugs.launchpad.net
Wed May 29 01:40:25 UTC 2024
Nice find, Hadmut, thanks.
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/2065510
Title:
/lib/cryptsetup/scripts/decrypt_derived reveals encryption keys to
non-root processes
Status in cryptsetup package in Ubuntu:
New
Bug description:
Hi,
the shell script
/lib/cryptsetup/scripts/decrypt_derived
has several commands using a secret encryption key as a command line
argument, such as
    count="$(printf '%s' "$keys" | wc -l)"
    printf '%s' "$keys"
Never ever put confidential data on the command line, since command line arguments can be seen from all processes with ps.
ProblemType: Bug
DistroRelease: Ubuntu 23.10
Package: cryptsetup 2:2.6.1-4ubuntu3
ProcVersionSignature: Ubuntu 6.5.0-26.26-generic 6.5.13
Uname: Linux 6.5.0-26-generic x86_64
NonfreeKernelModules: zfs
ApportVersion: 2.27.0-0ubuntu5
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: LXQt
Date: Sun May 12 00:34:41 2024
InstallationDate: Installed on 2023-11-23 (170 days ago)
InstallationMedia: Lubuntu 23.10 "Mantic Minotaur" - Release amd64 (20231010)
SourcePackage: cryptsetup
UpgradeStatus: No upgrade log present (probably fresh install)
cmdline: BOOT_IMAGE=/boot/vmlinuz-6.5.0-26-generic root=UUID=2492f316-63b1-4d54-91c1-93977da2b542 ro quiet cryptdevice=UUID=7e853824-e105-467f-b0a2-58b3b2334318:luks-7e853824-e105-467f-b0a2-58b3b2334318 root=/dev/mapper/luks-7e853824-e105-467f-b0a2-58b3b2334318 splash vt.handoff=7
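Added example (not part of the bug report or of the cryptsetup script): whether a value given as an argument becomes visible in another process's argv depends on whether the shell runs the command as a builtin or execs an external program, which varies with the shell in use. The sketch below checks that for the commands in the quoted lines and compares argv with stdin using a constructed dummy value; the helper names is_external, argv_contains and leaks are hypothetical, and a Linux-style /proc is assumed.

```sh
#!/bin/sh
# Added example. SECRET is a constructed dummy value, not a real key.
SECRET='constructed-dummy-key-0123'

# is_external NAME: succeed if this shell would exec NAME as a separate
# program (its arguments then land in /proc/<pid>/cmdline); fail if NAME is
# a builtin, function or alias handled inside the shell, or is not found.
is_external() {
    case "$(command -v "$1" 2>/dev/null)" in
        /*) return 0 ;;
        *)  return 1 ;;
    esac
}

# argv_contains PID STRING: succeed if STRING appears in PID's argv.
argv_contains() {
    { tr '\0' ' ' < "/proc/$1/cmdline"; } 2>/dev/null | grep -qF -- "$2"
}

# leaks MODE: start a child that receives SECRET via MODE ("argv" or
# "stdin"), then succeed if the child's argv shows it. The child is a
# plain sh here; any exec'd program is recorded the same way.
leaks() {
    if [ "$1" = argv ]; then
        sh -c 'sleep 2; :' child "$SECRET" >/dev/null 2>&1 &
    else
        printf '%s' "$SECRET" | sh -c 'cat >/dev/null; sleep 2; :' child >/dev/null 2>&1 &
    fi
    pid=$!
    sleep 1                       # let the child finish exec before looking
    if argv_contains "$pid" "$SECRET"; then rc=0; else rc=1; fi
    kill "$pid" 2>/dev/null || :
    wait "$pid" 2>/dev/null || :
    return "$rc"
}

for cmd in printf wc; do
    if is_external "$cmd"; then kind='external (argv exposed)'; else kind='not external'; fi
    echo "$cmd: $kind"
done
for mode in argv stdin; do
    if leaks "$mode"; then echo "$mode: visible"; else echo "$mode: hidden"; fi
done
```

Run it with the same interpreter that executes the script under review, since the builtin set differs between shells.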