Ubuntu
cryptsetup package

Possible data loss caused by cryptdisks_start

Bug #573858 reported by Maik Messerschmidt
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
cryptsetup (Ubuntu)
New
Undecided
Unassigned

Bug Description

Binary package hint: cryptsetup

cryptdisks_start can lead to a data loss:

By upgrading from karmic to lucid device names for harddisks changed. (SATA is now assigned second, IDE first - at least on my system.) After this the original swap partition name (/dev/sda1, now /dev/sdb1) pointed to a windows ntfs filesystem (now /dev/sda1, /dev/sdb1 before).

swapon checks for a swap signature before using a partition, however the device mapper, which the cryptsetup uses for providing encrypted devices, does not check anything, since it simply expects data, which is not interpreted in any way (by the device mapper itself). Resulting from this the device mapper happely provides a data partition for cryptsetup. (In my case it made windows unbootable, but there had been lots of trouble, if my swap usage was higher!)

cryptdisks_start should somehow make sure that such things don't happen. UUIDs can be used without any further checking, but in case of pure device names, it should at least make sure, that the partition ID is 82 (Linux Swap / Solaris) or not accept pure device names at all for swap.

Workaround:
Use UUIDs in /etc/crypttab, this makes sure no wrong partition is used for swap.

In order to check, whether your system is affected use 'free' to check, whether swap size is correct. I myself was able to get windows back to boot, but in other cased, the ntfs filesystem may be damaged much more.

References - I think these errors may be caused by above bug:
http://www.supergrubdisk.org/forum/index.php?topic=467
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/571893

I myself thought, that it was a grub bug first, but I think cryptsetup (cryptdisk_start) is the real problem.

...

Just checked the scripts a bit and it seems, that checking is really done. /sbin/blkid is called by the scripts, but it does return nothing for a swap partition (with an empty label in my case). Maybe this is a bug in /sbin/blkid from util-linux, but I'm not sure, since I don't completly understand the scripts in /lib/cryptsetup/*.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: cryptsetup 2:1.1.0~rc2-1ubuntu13
ProcVersionSignature: Ubuntu 2.6.32-21.32-generic 2.6.32.11+drm33.2
Uname: Linux 2.6.32-21-generic i686
NonfreeKernelModules: fglrx
Architecture: i386
Date: Sun May 2 19:26:37 2010
ProcEnviron:
 PATH=(custom, no user)
 LANG=de_DE.UTF-8
 SHELL=/bin/bash
SourcePackage: cryptsetup
crypttab:
 # <target name> <source device> <key file> <options>
 cryptswap1 UUID=e3d8e700-f75a-4f54-ae49-fd3a770c39a7 /dev/urandom swap,cipher=aes-cbc-essiv:sha256

See original description
Revision history for this message
Maik Messerschmidt (maik-messerschmidt) wrote :
description: updated
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.