Launchpad has imported 8 comments from the remote bug at http://bugs.freedesktop.org/show_bug.cgi?id=27494.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2010-04-06T09:32:12+00:00 Martin Pitt wrote: Original bug: http://bugs.debian.org/576687 udisks exports the device-mapper table data to udev. This data includes encryption keys. | E:UDISKS_DM_TARGETS_COUNT=1 | E:UDISKS_DM_TARGETS_TYPE=crypt | E:UDISKS_DM_TARGETS_START=0 | E:UDISKS_DM_TARGETS_LENGTH=1467585 | E:UDISKS_DM_TARGETS_PARAMS=aes-cbc-essiv:sha256\x20XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\x200\x208:5\x200 UDISKS_DM_TARGETS_PARAMS includes the complete table entry, in case of the crypt target this includes the key and iv type. udisks only needs UDISKS_DM_TARGETS_PARAMS for UDISKS_DM_TARGETS_TYPE == "linear", and is only interested in the major/minor of the device and the offset. So we should drop the key information for UDISKS_DM_TARGETS_TYPE == "crypt" or only explicitly set major/minor/offset, and/or not set UDISKS_DM_TARGETS_TYPE for anything != "linear". Reply at: https://bugs.launchpad.net/udisks/+bug/556651/comments/0 ------------------------------------------------------------------------ On 2010-04-06T11:36:10+00:00 Martin Pitt wrote: I committed a test for this, which fails right now: http://cgit.freedesktop.org/udisks/commit/?id=4670d2edfb615af94bd9d82d8fd12b7cf8d23b9d ====================================================================== FAIL: LUKS create/teardown ---------------------------------------------------------------------- Traceback (most recent call last): File "tests/run", line 735, in test_0_create_teardown self.failIf('essiv:sha' in out, 'key information in udev properties') AssertionError: key information in udev properties Reply at: https://bugs.launchpad.net/udisks/+bug/556651/comments/1 ------------------------------------------------------------------------ On 2010-04-06T12:58:15+00:00 Zeuthen wrote: (In reply to comment #0) > So we should drop the key information for UDISKS_DM_TARGETS_TYPE == "crypt" or > only explicitly set major/minor/offset, and/or not set UDISKS_DM_TARGETS_TYPE > for anything != "linear". How about just keeping it for linear mappings for the time being? In the future we can keep it for other device mapper targets as well - for example, we want this data for multipath in order to display state about each path etc. etc. etc. Reply at: https://bugs.launchpad.net/udisks/+bug/556651/comments/2 ------------------------------------------------------------------------ On 2010-04-06T14:08:09+00:00 Martin Pitt wrote: Before I go and touch any code, I added a new test case which exercises this code path by ensuring that DM partitions (kpartx'ed on a LV) have a correct PartitionSlave property (it involves parsing UDISKS_DM_TARGETS_PARAMS and various DM_* properties). When I disable the UDISKS_DM_TARGETS_PARAMS reading in udisks-part-id, this test case fails. Reply at: https://bugs.launchpad.net/udisks/+bug/556651/comments/3 ------------------------------------------------------------------------ On 2010-04-06T14:08:50+00:00 Martin Pitt wrote: (In reply to comment #2) > How about just keeping it for linear mappings for the time being? Works for me. Now that I have test cases for both ends, I'll work on that tomorrow (bedtime now). Thanks! Reply at: https://bugs.launchpad.net/udisks/+bug/556651/comments/4 ------------------------------------------------------------------------ On 2010-04-06T23:16:27+00:00 Martin Pitt wrote: http://cgit.freedesktop.org/udisks/commit/?id=0fcc7cb3b66f23fac53ae08647aa0007a2bd56c4 Reply at: https://bugs.launchpad.net/udisks/+bug/556651/comments/7 ------------------------------------------------------------------------ On 2010-04-07T08:06:42+00:00 Martin Pitt wrote: David, I think it's worth pushing out an 1.0.1 with this fix (I also made a couple of other fixes in trunk). Or do you want to wait for the CVE to arrive? (Someone requested one, as far as I understood from #udev). Reply at: https://bugs.launchpad.net/udisks/+bug/556651/comments/9 ------------------------------------------------------------------------ On 2010-04-07T19:01:52+00:00 Kurt-seifried wrote: From: Josh Bressers 4/7/10 7:08 PM Re: [oss-security] CVE Request -- udisks v1.0.0 -- (serious)information disclosure Please use CVE-2010-1149 for this. Thanks. -- JB Reply at: https://bugs.launchpad.net/udisks/+bug/556651/comments/14 ** Changed in: udisks Status: Unknown => Fix Released ** Changed in: udisks Importance: Unknown => High -- publicly exports dm key information https://bugs.launchpad.net/bugs/556651 You received this bug notification because you are a member of Registry Administrators, which is the registrant for Debian. _______________________________________________ Mailing list: https://launchpad.net/~registry Post to : [email protected] Unsubscribe : https://launchpad.net/~registry More help : https://help.launchpad.net/ListHelp
