Package: cryptsetup
Version: 2:1.4.3-4
Severity: normal
Tags: security

Hi.

It seems not all crypttab options are supported in cryptroot, right?
At least this seems to be true for check and precheck. And obviously also for what one has set in /etc/default/cryptdisks.

I think this needs to be properly documented.
- /etc/default/cryptdisks should name where its settings are used (AFAICS the two initscripts and cryptdisk_start/stop) and where not (cryptroot).
- it should also be documented in the manpage.

This is especially important, as users may rely on this for security reasons, but (as in case of check/precheck) might not even notice that nothing happens.

From what I can see when looking at the manpages vs. cryptroot script (I just looked at the part that does the parsing of /conf/conf.d/ so not sure whether these values are really used then in all cases):

cipher, size, hash, keyscript, tries, discard
=> supported in both

target, source, key, rootdev
=> special to cryptroot, not needed in the normal system respectively directly read from crypttab there

swap, tmp, noearly, noauto
=> makes no sense to have this in cryptroot but I think we should a) document this, b) give a warning during initramfs creation, that these were found but ignored

lvm
=> asked that in the other bug already, what it is actually used for

But...

offset, skip
=> seem to be not supported in cryptroot... any reason for it?

readonly
=> seems to be not supported in cryptroot... I'm not sure whether it makes much sense to have a read-only dmcrypt root device. But why not support it.. if some users want this on... who knows e.g. embedded systems?

verify
=> seems to be not supported in cryptsetup... though I'm not sure whether this makes sense for it (I wouldn't even know why I would want to use that at all but in cases of luksFormat)?!

luks
=> For the meta attacks I've mentioned, I'd suggest we take this over in conf/conf.d/cryptroot as well... If luks is there... only set up luks devices... if not... only set up plain devices. This doesn't cost measurable performance... and better safe than sorry.

precheck, check and checkargs
=> think we should definitely support these in cryptroot and handle them analogously to the normal system (i.e. also include /etc/default/cryptdisks in the initrd) and use it... also default to the isLuks check for luks devices and the un-blkid for devices without the "luks" flag.

loud, quiet
=> not supported... but we could add these to conf/conf.d/cryptroot and scripts could use it to control verbosity

With respect to the meaning of loud ("Print warnings if a device does not exist.")... as said... for security reasons, it's very stupid if we don't abort the boot process when any of the devices in conf/conf.d/cryptroot couldn't be set up as expected.

What do you think? If you agree, I could assist with patches.

Cheers,
Chris.
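
The warning proposed in the report, as an added example that is not part of the original message or of the cryptsetup package: a POSIX sh check that classifies a device's crypttab options using the groups listed above and fails when one falls in the "not supported in cryptroot" group. It goes slightly beyond point b) by flagging the unsupported group as well as swap/tmp/noearly/noauto; the function names, the sample crypttab and its device names are assumptions.

```sh
#!/bin/sh
# Option classes as listed in the report for cryptsetup 2:1.4.3-4 (not read
# from the cryptroot script itself; later versions may differ).
HONOURED="cipher size hash keyscript tries discard"
IGNORED="swap tmp noearly noauto"
UNSUPPORTED="offset skip readonly verify luks precheck check checkargs loud quiet"

in_list() {  # in_list WORD CANDIDATE...
    word=$1; shift
    for w in "$@"; do [ "$w" = "$word" ] && return 0; done
    return 1
}

# audit_crypttab TARGET: read crypttab text on stdin, print "<class> <option>"
# for each option of TARGET, return 1 if any option is in UNSUPPORTED.
audit_crypttab() {
    want=$1 rc=0
    while read -r target source key opts rest; do
        case $target in ''|'#'*) continue ;; esac   # skip blanks and comments
        [ "$target" = "$want" ] || continue
        for opt in $(printf '%s' "$opts" | tr ',' ' '); do
            name=${opt%%=*}   # strip "=value"
            if in_list "$name" $HONOURED; then echo "ok $name"
            elif in_list "$name" $IGNORED; then echo "ignored $name"
            elif in_list "$name" $UNSUPPORTED; then echo "unsupported $name"; rc=1
            else echo "unknown $name"
            fi
        done
    done
    return $rc
}

# Constructed sample crypttab (hypothetical device names and UUID).
sample_crypttab() {
    cat <<'EOF'
# <target> <source> <key file> <options>
sda2_crypt UUID=00000000-0000-0000-0000-000000000000 none luks,discard,check=blkid,tries=3
swap0 /dev/sda3 /dev/urandom swap,cipher=aes-xts-plain64,size=256
EOF
}

sample_crypttab | audit_crypttab sda2_crypt ||
    echo "warning: sda2_crypt uses options the report lists as not handled in cryptroot" >&2
```
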