Attaching LVM encrypted volumes (with LUKS) could cause data loss if LUKS headers get corrupted
Bug #1372375 reported by Patrizio Tufarolo
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Cinder | Won't Fix | Undecided | Unassigned | |
OpenStack Compute (nova) | Invalid | Undecided | Unassigned | |
OpenStack Security Advisory | Won't Fix | Undecided | Unassigned | |
Bug Description
I have doubts about the flow of the volume attaching operation, as defined in /usr/lib/
If the device is not recognized to be a valid LUKS device, the script is LUKS-formatting it! So if for some reason the LUKS header gets corrupted, it erases the whole data.
To manage corrupted headers there are the cryptsetup luksHeaderBackup and cryptsetup luksHeaderRestore commands, which respectively do the backup and the restore of the headers.
I think that the process has to be reviewed, and the luksFormat operation has to be performed during the volume creation.
information type: Private Security → Public
tags: added: security
Changed in ossa: status: New → Won't Fix
Changed in cinder: status: New → Won't Fix
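The attach decision the report asks for, as an added example that is not nova or cinder code and not part of the original report: format only a volume that has never been formatted, and refuse when a header is expected but missing or damaged. The names `decide`, `decide_for_device` and the persisted `ever_formatted` flag are hypothetical; the magic check is only a pre-check before cryptsetup does the real validation.

```python
import enum
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"      # magic at offset 0 of LUKS1 and LUKS2 headers
SUPPORTED_VERSIONS = (1, 2)       # big-endian uint16 right after the magic


class Action(enum.Enum):
    OPEN = "luksOpen"             # valid header found
    FORMAT = "luksFormat"         # volume was never formatted: safe to initialise
    REFUSE = "refuse"             # header expected but missing or damaged


def decide(first_bytes: bytes, ever_formatted: bool) -> Action:
    """Pick the attach action from the first bytes of the device.

    ever_formatted is a hypothetical flag the caller persists when the
    volume is first formatted; it is not an existing nova or cinder field.
    """
    if first_bytes[:6] == LUKS_MAGIC:
        if len(first_bytes) < 8:
            return Action.REFUSE  # truncated read: do not guess
        (version,) = struct.unpack(">H", first_bytes[6:8])
        return Action.OPEN if version in SUPPORTED_VERSIONS else Action.REFUSE
    if not ever_formatted:
        return Action.FORMAT      # first attach of a fresh volume
    # A volume that once held a LUKS header no longer shows one: treat it
    # as corruption and leave the data for `cryptsetup luksHeaderRestore`.
    return Action.REFUSE


def decide_for_device(path: str, ever_formatted: bool) -> Action:
    """Read the 8-byte probe from a block device or image file."""
    with open(path, "rb") as dev:
        return decide(dev.read(8), ever_formatted)


# Constructed sample headers (not taken from a real volume).
VALID_LUKS1 = LUKS_MAGIC + struct.pack(">H", 1) + b"aes".ljust(32, b"\0")
CORRUPTED = b"\x00\x00KS\xba\xbe" + struct.pack(">H", 1) + b"aes".ljust(32, b"\0")

if __name__ == "__main__":
    for name, data, seen in [("valid", VALID_LUKS1, True),
                             ("corrupted", CORRUPTED, True),
                             ("blank", b"\0" * 40, False)]:
        print(name, decide(data, seen).value)
```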
Why is this marked as a security bug? It seems like a data loss bug.