Public bug reported:
$ ll -n
-r-------- 1 0 0 4096 Sep 1 23:57 xxxxxxxx.keyfile
/lib/cryptsetup/cryptdisks.functions::check_key() checks ownership based
on the name/group alias, not the actual UID/GID, and therefore breaks if
"root" != UID/GID 0.
+ /usr/sbin/cryptdisks_start LUKS_HDD_BOOT
* Starting crypto disk...
*
LUKS_HDD_BOOT: INSECURE OWNER FOR xxxxxxxx.keyfile, see
/usr/share/doc/cryptsetup/README.Debian.
* LUKS_HDD_BOOT: INSECURE OWNER GROUP FOR xxxxxxxx.keyfile, see
/usr/share/doc/cryptsetup/README.Debian.
* LUKS_HDD_BOOT (skipped, device
/dev/disk/by-uuid/160fa39a-1205-4ad5-be44-9c2c943fb113 does not exist)...
[fail]
+ read DM_NAME DEVICE KEYFILE OPTIONS
+ exit 0
The script should not be relying on parsing 'ls' output either. The attached
patch fixes both issues.
** Affects: cryptsetup (Ubuntu)
Importance: Undecided
Status: Triaged
** Patch added: "Use UID/GIDs not text aliases; use 'stat' no 'ls | sed'"
https://bugs.launchpad.net/bugs/1520652/+attachment/4526366/+files/cryptdisk-use-UID-use-stat.patch
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1520652
Title:
Erroneous "INSECURE OWNER FOR xxxxx.keyfile"
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1520652/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
