crypto loop bug

From: Walter Hofmann (walter.hofmann@physik.stud.uni-erlangen.de)
Date: Fri Jul 21 2000 - 12:52:41 EST


I'm running 2.2.17pre12 with crypto patch 16.4.

It seems that the decrypted data from a loop device is cached between
destroys and new setups of loop devices. You cannot see this if you just
mount the loop devices because mount seems unaffected, but fsck will
show the error.

Attached is an example session.

This is a security problem because users can see decrypted data even
after the loop device was destroyed (imagine a setuid application which
allows users to mount their own encrypted file systems).

Example:

frodo:/home/wh # /usr/local/bin/losetup -e serpent /dev/loop0 /usr/local/loop/wh
Password : wrong password

frodo:/home/wh # mount -t ext2 /dev/loop0 /mnt
mount: wrong fs type, bad option, bad superblock on /dev/loop0,
       or too many mounted file systems

frodo:/home/wh # /usr/local/bin/losetup -d /dev/loop0

frodo:/home/wh # /usr/local/bin/losetup -e serpent /dev/loop0 /usr/local/loop/wh
Password : correct password

frodo:/home/wh # /sbin/e2fsck /dev/loop0
e2fsck 1.18, 11-Nov-1999 for EXT2 FS 0.5b, 95/08/09
Group descriptors look bad... trying backup blocks...
/sbin/e2fsck: Bad magic number in super-block while trying to open /dev/loop0
 
The superblock could not be read or does not describe a correct ext2
filesystem. If the device is valid and it really contains an ext2
filesystem (and not swap or ufs or something else), then the superblock
is corrupt, and you might try running e2fsck with an alternate superblock:
    e2fsck -b 8193 <device>
 
frodo:/home/wh # mount /dev/loop0 /mnt

frodo:/home/wh # umount /mnt

frodo:/home/wh # /sbin/e2fsck /dev/loop0
e2fsck 1.18, 11-Nov-1999 for EXT2 FS 0.5b, 95/08/09
/dev/loop0: clean, 4650/81920 files, 66139/163840 blocks

Walter

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Mon Jul 31 2000 - 21:00:31 EST