LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 09-20-2010, 06:24 AM   #1
x111
Member
 
Registered: Jul 2010
Distribution: Slackware
Posts: 48

Rep: Reputation: 7
Encrypted partition get mounted without being asked for a passphrase?


Hello everybody,
I'm really confused by the ways an encrypted partition get mounted.
If I use the normal mount command:
Code:
# mount /dev/sda2 /mnt/sda2
It just mounts the partition without asking for the passphrase used to create it. I can list the files in /mnt/sda2, create a new file test.txt, but have no access to the files written to the "real encrypted partition".

But if I unmount /mnt/sda2, and mount it again with
Code:
# cryptsetup luksOpen /dev/sda2 vault
# mount /dev/mapper/vault /mnt/sda2
Then I can see/change the content of the encrypted partition but without being able to see/change the file test.txt created previously with the normal mount command.

The reason I'm asking is that I'm having my custom Debian to automount every partition available on the system at boot time. Is there any way/command to tell if a particular partition is encrypted (by cryptsetup) or not? So that I can mount it the right way and not make the users confused (or even harm the encrypted data).
Thanks for your consideration.

Last edited by x111; 09-20-2010 at 06:27 AM. Reason: Better formatting
 
Old 09-20-2010, 10:39 AM   #2
mostlyharmless
Senior Member
 
Registered: Jan 2008
Distribution: Slackware 14.1 (multilib) with kernel 3.15.5
Posts: 1,528
Blog Entries: 12

Rep: Reputation: 171Reputation: 171
Interesting, one can only presume that when you created the encrypted partition, you left some room in the partition as some other filesystem recognized by "mount". Hopefully you aren't overwriting the same space.

If I try mount /dev/sdaX /mnt/somewhere on a LUKS partition, an error message about the filesystem not being recognized ensues. Clearly there must be a differernce in how you made your LUKS partition and how I did it.

What I suggest is that you show us:

fdisk /dev/sda2

and the result of "mount" after you've mounted the partition both ways.
 
Old 09-20-2010, 11:12 AM   #3
GazL
Senior Member
 
Registered: May 2008
Posts: 3,380

Rep: Reputation: 913Reputation: 913Reputation: 913Reputation: 913Reputation: 913Reputation: 913Reputation: 913Reputation: 913
My guess would be that your previous mount failed and the test.txt file you created is actually in the root filesystem in the /mnt/sda2 directory. Unmount your /mnt/sda2 filesystem and ls -lR /mnt/sda2 and you will probably see it lurking in there.

As for auto unlocking of luks encrypted filesystems at boot time, /etc/crypttab is provided for that purpose, so you may want to read up on that.

Finally, "cryptsetup isLuks <device>" is the correct way to determine if a device contains a luks volume or not.
 
Old 09-20-2010, 10:23 PM   #4
x111
Member
 
Registered: Jul 2010
Distribution: Slackware
Posts: 48

Original Poster
Rep: Reputation: 7
Oh thank you for the replies. I think there's must be something I did wrong when I created the partition. So I'm going to re-create it and check to see if the same thing happens again. It's the 2nd partition of a 256MB usb flash key.

For comparison, here are the result of some commands before I proceed:
Code:
# mkdir /mnt/v1
# ls /mnt/v1
. ..
# mount /dev/sda2 /mnt/v1
# ls /mnt/v1
. .. .gtkrc-2.0 lost+found mhelper
# touch /mnt/v1/test.txt
# ls /mnt/v1
. .. .gtkrc-2.0 lost+found mhelper test.txt
# umount /mnt/v1
# cryptsetup luksOpen /dev/sda2 vault
Enter LUKS passphrase:
key slot 0 unlocked.
Command successful.
# mkdir /mnt/v2
# mount /dev/mapper/vault /mnt/v2
# ls /mnt/v2
. .. automount.sh lost+found menu mountcrypt.sh Pictures trix
# cryptsetup isLuks /dev/sda2
# cryptsetup luksDump /dev/sda2
LUKS header information for /dev/sda2

Version:       	1
Cipher name:   	aes
Cipher mode:   	cbc-plain
Hash spec:     	sha1
Payload offset:	1032
MK bits:       	128
(...truncated...)
Key Slot 0: ENABLED
(...truncated...)
 
Old 09-21-2010, 06:04 AM   #5
GazL
Senior Member
 
Registered: May 2008
Posts: 3,380

Rep: Reputation: 913Reputation: 913Reputation: 913Reputation: 913Reputation: 913Reputation: 913Reputation: 913Reputation: 913
Ahh, I see where you're going wrong. dmcrypt/luks is a block device level encryption, you have to put your filesystem on the encrypted mapping, not the raw partition, roughly something like this:

cryptsetup luksFormat /dev/sda2
cryptsetup luksOpen /dev/sda2 vault
mkfs -t ext4 /dev/mapper/vault
mount /dev/mapper/vault /mnt/v2.

Obviously, that'll wipe the existing contents of /dev/sda2.
You'll probably want to choose a few encryption options on the luksFormat too.

Once it's setup, you just do the luksOpen and the mount to access the existing contents.

Last edited by GazL; 09-25-2010 at 05:23 AM. Reason: typo/spelling
 
1 members found this post helpful.
Old 09-21-2010, 12:01 PM   #6
mostlyharmless
Senior Member
 
Registered: Jan 2008
Distribution: Slackware 14.1 (multilib) with kernel 3.15.5
Posts: 1,528
Blog Entries: 12

Rep: Reputation: 171Reputation: 171
Agree with above. Also, if you did ls /mnt/v1 after umount /mnt/v1, or just "mount" prior you could also check the supposition by Gazl that the mount failed and that the file is actually on the mount point.
 
1 members found this post helpful.
Old 09-25-2010, 04:46 AM   #7
x111
Member
 
Registered: Jul 2010
Distribution: Slackware
Posts: 48

Original Poster
Rep: Reputation: 7
Oh yes. I dont remember what I did to create a luks partition on the drive but it is the cause. I just created it again and now everything's normal again. Thank you all.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Is the disk partition mounted or not mounted? Kenarkies Linux - Kernel 3 01-16-2010 02:06 AM
[SOLVED] Entering passphrase on LUKS partition with USB brooky9999 Slackware 7 04-09-2009 04:22 AM
HAL daemon does not reconize a mounted partition as mounted 888m Slackware 4 07-30-2007 12:58 PM
Sucessfully encrypted partition with a passphrase bobbelfield Linux - Security 1 02-04-2006 09:37 PM


All times are GMT -5. The time now is 09:53 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration