Erroneous "INSECURE OWNER FOR xxxxx.keyfile"

Bug #1520652 reported by TJ
This bug affects 1 person
Affects: cryptsetup (Ubuntu)
Status: Triaged
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

$ ll -n
-r-------- 1 0 0 4096 Sep 1 23:57 xxxxxxxx.keyfile

/lib/cryptsetup/cryptdisks.functions::check_key() checks ownership based on the name/group alias, not the actual UID/GID, and therefore breaks if "root" != UID/GID 0.

+ /usr/sbin/cryptdisks_start LUKS_HDD_BOOT
 * Starting crypto disk... * LUKS_HDD_BOOT: INSECURE OWNER FOR xxxxxxxx.keyfile, see /usr/share/doc/cryptsetup/README.Debian.
 * LUKS_HDD_BOOT: INSECURE OWNER GROUP FOR xxxxxxxx.keyfile, see /usr/share/doc/cryptsetup/README.Debian.
 * LUKS_HDD_BOOT (skipped, device /dev/disk/by-uuid/160fa39a-1205-4ad5-be44-9c2c943fb113 does not exist)... [fail]
+ read DM_NAME DEVICE KEYFILE OPTIONS
+ exit 0

The script should not be relying on parsing 'ls' output either. The attached patch fixes both issues.

Tags: patch
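
An added example, not the patch attached to this bug and not code from the cryptsetup package: a key file ownership check that compares the numeric UID/GID reported by `stat` against 0 instead of comparing names parsed from `ls` output. The function names, the optional UID/GID arguments and the `-L` symlink handling are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the cryptsetup package's code): verify key file ownership
# by numeric UID/GID from stat(1) rather than by user/group names read from ls.
# Assumes GNU coreutils or BusyBox stat, both of which support -c FORMAT.

# key_owner_problems FILE [UID] [GID]
# Prints one line per problem found; prints nothing when ownership matches.
# UID and GID default to 0. They are parameters only so that the check can be
# exercised without root (hypothetical interface for this example).
key_owner_problems() {
    key=$1
    want_uid=${2:-0}
    want_gid=${3:-0}

    # -L follows symlinks so the file that would actually be read is checked
    # (a choice made for this example).
    if ! ids=$(stat -L -c '%u %g' -- "$key" 2>/dev/null); then
        echo "CANNOT STAT $key"
        return 0
    fi
    uid=${ids% *}   # text before the space: numeric owner
    gid=${ids#* }   # text after the space: numeric group

    [ "$uid" = "$want_uid" ] || echo "INSECURE OWNER FOR $key (uid $uid, expected $want_uid)"
    [ "$gid" = "$want_gid" ] || echo "INSECURE OWNER GROUP FOR $key (gid $gid, expected $want_gid)"
    return 0
}

# key_owner_ok FILE [UID] [GID]
# Exit status 0 only when key_owner_problems reports nothing.
key_owner_ok() {
    [ -z "$(key_owner_problems "$@")" ]
}
```

Because the comparison is on the numbers, the result does not depend on which name the passwd or group database maps to UID/GID 0.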
TJ (tj) wrote :
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "Use UID/GIDs not text aliases; use 'stat' no 'ls | sed'" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch