Your message dated Sun, 26 Mar 2006 14:02:42 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#358916: fixed in libpam-mount 0.12.2-3
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: libpam-mount
Version: 0.12.2-2
Severity: normal

libpam-mount fails to detect an already mounted volume when using an
encrypted file system stored in a file and being accessed through a
loop device. This results in the file being mounted several times at
once (probably leading to file system corruption).

libpam-mount checks if the device /dev/mapper/_path_to_loop_file is
already mounted to the specified mount point but the included
mount.crypt script fails to use this dm device name. Instead
it creates a device like /dev/mapper/_dev_loop0. It looks like
mount.crypt is intended to support files mounted through
a loopback device but there is a small problem with a sed pattern
causing it to use the loop device name instead of the name of
the associated file.


To replicate the problem (as root):

  # create a file based encrypted file system image
  mkdir /var/tmp/test
  dd if=/dev/urandom of=/var/tmp/test.img bs=1M count=20
  dd if=/dev/urandom bs=1c count=32 | \
    openssl aes-256-ecb > /var/tmp/test.key
  # enter login password of USER (twice)
  losetup /dev/loop5 /var/tmp/test.img
  openssl aes-256-ecb -d < /var/tmp/test.key | \
    cryptsetup create test /dev/loop5
  # enter login password of USER
  mkfs -t ext3 /dev/mapper/test
  cryptsetup remove test
  losetup -d /dev/loop5

  # setup libpam-mount to mount the file for USER
  echo "volume USER crypt - /var/tmp/test.img /var/tmp/test loop,fstype=ext3 aes-256-ecb /var/tmp/test.key" \
    >> /etc/security/pam_mount.conf

  # two simultaneous logins for USER
  # (using a PAM service configured for pam_mount)
  # --> the test file system is mounted twice
  mount


The following patch fixed the problem for me.

diff -u -r libpam-mount-0.12.2/scripts/mount.crypt 
libpam-mount-0.12.2-patched/scripts/mount.crypt
--- libpam-mount-0.12.2/scripts/mount.crypt     2005-12-24 14:07:42.000000000 
+0200
+++ libpam-mount-0.12.2-patched/scripts/mount.crypt     2006-03-25 
07:08:29.794820137 +0200
@@ -136,7 +136,7 @@
 # if loop device, make device mapper name based on file pointed to
 case "$DEVICE" in
     /dev/loop*)
-        DMDEVICE=` "$LOSETUP" "$DEVICE" 2>/dev/null | sed -n '/(.+)/ { 
s/.*(//; s/).*//; p;}'`;
+        DMDEVICE=` "$LOSETUP" "$DEVICE" 2>/dev/null | sed -n '/(.*)/ { 
s/.*(//; s/).*//; p;}'`;
 esac;
 # if not a loop device or previous command fails use $DEVICE
 : ${DMDEVICE:=$DEVICE}
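
Review bot: on the `+` line, the extraction `s/.*(//; s/).*//` cuts at the last "(" and then at the first ")" after it, so a backing file whose path itself contains parentheses still yields a DMDEVICE that is not the file name, and the device-mapper name would again differ from the one derived from the file path. Either note that limitation in the comment above the `case` or extract the name in a single substitution. A one-line comment that "+" is a literal character in sed's basic regular expressions (the reason `/(.+)/` never matched) would keep the pattern from being changed back, and since `: ${DMDEVICE:=$DEVICE}` silently hides an empty result, a warning when the loop lookup returns nothing would make a regression visible.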


-- System Information:
Debian Release: 3.1
  APT prefers stable
  APT policy: (600, 'stable'), (500, 'testing'), (200, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-3-k7
Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8)

Versions of packages libpam-mount depends on:
ii  libc6                  2.3.2.ds1-22      GNU C Library: Shared libraries an
ii  libglib2.0-0           2.6.4-1           The GLib library of C routines
ii  libssl0.9.7            0.9.7e-3sarge1    SSL shared libraries
ii  mount                  2.12p-4sarge1     Tools for mounting and manipulatin
ii  zlib1g                 1:1.2.2-4.sarge.2 compression library - runtime

-- no debconf information


--- End Message ---
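
The sed behaviour described in the report above, as an added example (not part of the original report or of libpam-mount). The losetup output line is a constructed sample, the function names are hypothetical, and the "/" to "_" name mapping is an assumption taken from the device names the report quotes.

```shell
#!/bin/sh
# Constructed sample of what "losetup /dev/loop5" printed on such a system;
# the device and inode numbers are made up.
SAMPLE='/dev/loop5: [0803]:4242 (/var/tmp/test.img)'

# Pattern before the fix. In a basic regular expression "+" is a literal
# plus sign, so the address /(.+)/ never matches and sed -n prints nothing.
backing_file_old() {
    printf '%s\n' "$1" | sed -n '/(.+)/ { s/.*(//; s/).*//; p;}'
}

# Pattern after the fix: "(.*)" matches the parenthesised file name.
backing_file_new() {
    printf '%s\n' "$1" | sed -n '/(.*)/ { s/.*(//; s/).*//; p;}'
}

# Assumption: the dm name is the source path with "/" replaced by "_",
# as in the report's /dev/mapper/_dev_loop0.
dm_name() {
    printf '%s\n' "$1" | tr / _
}

# resolve DEVICE LOSETUP_LINE EXTRACTOR
# Mirrors the script's fallback: an empty result silently becomes $DEVICE.
resolve() {
    device=$1 line=$2 extractor=$3
    DMDEVICE=$("$extractor" "$line")
    : "${DMDEVICE:=$device}"
    dm_name "$DMDEVICE"
}

# detects_existing FILE DEVICE LOSETUP_LINE EXTRACTOR
# Succeeds when the name the script creates equals the name derived from
# the file, which is the name the report says libpam-mount checks for.
detects_existing() {
    [ "$(resolve "$2" "$3" "$4")" = "$(dm_name "$1")" ]
}

for extractor in backing_file_old backing_file_new; do
    printf '%s -> /dev/mapper/%s\n' "$extractor" \
        "$(resolve /dev/loop5 "$SAMPLE" "$extractor")"
done
```

With the old pattern a second login that lands on a different loop device gets a different mapper name, so neither login is recognised as already mounted.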
--- Begin Message ---
Source: libpam-mount
Source-Version: 0.12.2-3

We believe that the bug you reported is fixed in the latest version of
libpam-mount, which is due to be installed in the Debian FTP archive:

libpam-mount_0.12.2-3.diff.gz
  to pool/main/libp/libpam-mount/libpam-mount_0.12.2-3.diff.gz
libpam-mount_0.12.2-3.dsc
  to pool/main/libp/libpam-mount/libpam-mount_0.12.2-3.dsc
libpam-mount_0.12.2-3_i386.deb
  to pool/main/libp/libpam-mount/libpam-mount_0.12.2-3_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastian Kleineidam <[EMAIL PROTECTED]> (supplier of updated libpam-mount package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 26 Mar 2006 23:36:25 +0200
Source: libpam-mount
Binary: libpam-mount
Architecture: source i386
Version: 0.12.2-3
Distribution: unstable
Urgency: low
Maintainer: Bastian Kleineidam <[EMAIL PROTECTED]>
Changed-By: Bastian Kleineidam <[EMAIL PROTECTED]>
Description: 
 libpam-mount - PAM module that can mount volumes for a user session
Closes: 358916
Changes: 
 libpam-mount (0.12.2-3) unstable; urgency=low
 .
   * Fix device name for loopback crypt mounts. Patch by Johannes
     Lehtinen. (Closes: #358916)
Files: 
 5d0e82d9e692d5a2eaf902d42733bd77 669 admin extra libpam-mount_0.12.2-3.dsc
 463b5305147def7983062e9d6ec268b8 17664 admin extra 
libpam-mount_0.12.2-3.diff.gz
 5715a95200111f86da0f213b100a2b53 93154 admin extra 
libpam-mount_0.12.2-3_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEJwyjeBwlBDLsbz4RAmQrAJ9Iw636n8cGtXWTEeBELnc8G2pO9gCdHPmf
awfx2kwhMeNY7SyNQxNpqXQ=
=okh3
-----END PGP SIGNATURE-----


--- End Message ---
