[Bug 474327] Re: Overwrite/destroy not-empty partition due to lack of vol_id from udev

LimCore user.ubuntu at limcore.com
Mon Feb 8 17:41:42 GMT 2010 

** Description changed:

  Binary package hint: cryptsetup
+ 
+ SRU update rationale:
+ 1. impact of the bug on users:
+ Bugs which may, under realistic circumstances, directly cause a loss of user data.
+ Bug can destroy entire partition on user system while booting, if the user change hard drivers order.
+ 
+ 2. how the bug has been addressed
+ In Lucid we are using blk_id, which works.
+ 
+ 3. A minimal patch applicable to the stable version
+ the one-liner patch is attached
+ 
+ 4. Detailed instructions how to reproduce the bug
+ Was described below by the reporter
+ 
+ 5. A discussion of the regression potential of the patch
+ Very unlikely IMHO.
+ It just stops overwriting existing partition and using it to create without a question encrypted swap
+ 
+ ----
  
  /lib/cryptsetup/checks/{un_,}vol_id are supposed to check for a type of
  file system on a disk volume. Functions from
  /lib/cryptsetup/cryptdisks.functions use those checks to determine
  whether it is safe to destroy the contents of a volume by e.g calling
  luks create on it:
  
-     PRECHECK="/lib/cryptsetup/checks/un_vol_id"
+     PRECHECK="/lib/cryptsetup/checks/un_vol_id"
  
-     [...]
+     [...]
  
-        if ! pre_out=$("$PRECHECK" "$src" 2> /dev/null) && \
-            [ "$MAKESWAP" != "yes" ] && \
-            ! /lib/cryptsetup/checks/vol_id "$src" swap >/dev/null; then
-                 log_warning_msg "$dst: the precheck for '$src' failed: $pre_out"
-                 return 1
-         fi
+        if ! pre_out=$("$PRECHECK" "$src" 2> /dev/null) && \
+            [ "$MAKESWAP" != "yes" ] && \
+            ! /lib/cryptsetup/checks/vol_id "$src" swap >/dev/null; then
+                 log_warning_msg "$dst: the precheck for '$src' failed: $pre_out"
+                 return 1
+         fi
  
-     [...]
+     [...]
  
-      cryptsetup $PARAMS create "$dst" "$src"
+      cryptsetup $PARAMS create "$dst" "$src"
  
  /lib/cryptsetup/checks/{un_,}vol_id rely on /lib/udev/vol_id from the
  udev package. In Karmic, vol_id it is no longer present. Most
  unfortunately, in this case the checks *pass* with mere warning:
  
  if test ! -x "/lib/udev/vol_id"; then
-   echo " - WARNING: vol_id from udev is not available, impossible to run checks."
-   exit 0
+   echo " - WARNING: vol_id from udev is not available, impossible to run checks."
+   exit 0
  fi
  
  I would argue that exit 0 should be exit 1 instead, otherwise it can
  lead to silent data corruption in case the disks connected to the
  machine change. Here is how it happend to me:
  
  I installed Karmic on HDD1; at that time it was the only drive in the
  box, and thus it was detected as sda. The installer created this entry
  in /etc/crypttab:
  
  cryptswap1 /dev/sda3 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
  
  After that, I connected my second drive, HDD2, to the box. It happend to
  be connected to the first port of the SATA controller, so when I booted
  off HDD1, hard drive were detected as follows: HDD2: sda, HDD1: sdb. As
  a result, my ext3 partition on HDD2 ("new" sda3) became corrupted
  because of missing vol_id in udev and this bug.
  
  It looks like the move from vol_id to blkid from util-linux is uderway;
  Debian already has /mnt/lib/cryptsetup/checks/blkid, but the same
  problem is present there too:
  
  if test ! -x "/sbin/blkid"; then
-   echo " - WARNING: blkid from util-linux is not available, impossible to run checks."
-   exit 0
+   echo " - WARNING: blkid from util-linux is not available, impossible to run checks."
+   exit 0
  fi
  
  which means data corruption if blkid is missing and your disks changed
  since the time /etc/crypttab was created.

** Description changed:

  Binary package hint: cryptsetup
  
  SRU update rationale:
  1. impact of the bug on users:
  Bugs which may, under realistic circumstances, directly cause a loss of user data.
  Bug can destroy entire partition on user system while booting, if the user change hard drivers order.
  
  2. how the bug has been addressed
  In Lucid we are using blk_id, which works.
+ In Karmic the solution is different - the attached patch makes no_vol_id return failure instead of success if vol_id program is missing, therefore it will stop the overwrite of user partition.
  
  3. A minimal patch applicable to the stable version
  the one-liner patch is attached
  
  4. Detailed instructions how to reproduce the bug
  Was described below by the reporter
  
  5. A discussion of the regression potential of the patch
  Very unlikely IMHO.
  It just stops overwriting existing partition and using it to create without a question encrypted swap
  
  ----
  
  /lib/cryptsetup/checks/{un_,}vol_id are supposed to check for a type of
  file system on a disk volume. Functions from
  /lib/cryptsetup/cryptdisks.functions use those checks to determine
  whether it is safe to destroy the contents of a volume by e.g calling
  luks create on it:
  
      PRECHECK="/lib/cryptsetup/checks/un_vol_id"
  
      [...]
  
         if ! pre_out=$("$PRECHECK" "$src" 2> /dev/null) && \
             [ "$MAKESWAP" != "yes" ] && \
             ! /lib/cryptsetup/checks/vol_id "$src" swap >/dev/null; then
                  log_warning_msg "$dst: the precheck for '$src' failed: $pre_out"
                  return 1
          fi
  
      [...]
  
       cryptsetup $PARAMS create "$dst" "$src"
  
  /lib/cryptsetup/checks/{un_,}vol_id rely on /lib/udev/vol_id from the
  udev package. In Karmic, vol_id it is no longer present. Most
  unfortunately, in this case the checks *pass* with mere warning:
  
  if test ! -x "/lib/udev/vol_id"; then
    echo " - WARNING: vol_id from udev is not available, impossible to run checks."
    exit 0
  fi
  
  I would argue that exit 0 should be exit 1 instead, otherwise it can
  lead to silent data corruption in case the disks connected to the
  machine change. Here is how it happend to me:
  
  I installed Karmic on HDD1; at that time it was the only drive in the
  box, and thus it was detected as sda. The installer created this entry
  in /etc/crypttab:
  
  cryptswap1 /dev/sda3 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
  
  After that, I connected my second drive, HDD2, to the box. It happend to
  be connected to the first port of the SATA controller, so when I booted
  off HDD1, hard drive were detected as follows: HDD2: sda, HDD1: sdb. As
  a result, my ext3 partition on HDD2 ("new" sda3) became corrupted
  because of missing vol_id in udev and this bug.
  
  It looks like the move from vol_id to blkid from util-linux is uderway;
  Debian already has /mnt/lib/cryptsetup/checks/blkid, but the same
  problem is present there too:
  
  if test ! -x "/sbin/blkid"; then
    echo " - WARNING: blkid from util-linux is not available, impossible to run checks."
    exit 0
  fi
  
  which means data corruption if blkid is missing and your disks changed
  since the time /etc/crypttab was created.

-- 
Overwrite/destroy not-empty partition due to lack of vol_id from udev
https://bugs.launchpad.net/bugs/474327
You received this bug notification because you are a member of Ubuntu
Sponsors for main, which is a direct subscriber.

More information about the Ubuntu-main-sponsors mailing list