Old 05-28-2010, 12:17 AM   #1
hello.freeman
Member
 
Registered: Apr 2010
Posts: 38

Rep: Reputation: 23
the file permission about encrypted swap on slackware 13.1


I use the following command to create an encrypted swap:

Code:
bash# echo "cryptswap   /dev/sda5   none   swap" >> /etc/crypttab
and edit the 'fstab' file:
Code:
/dev/sda6 /                ext4        defaults         1   1
/dev/mapper/cryptswap   swap   swap   defaults   0   0

That works fine, but I found the permissions of '/dev/mapper/cryptswap' are like this:
Code:
hello@world:~$ ls -l /dev/mapper/cryptswap 
brw-rw-r-- 1 root disk 253, 4 2010-05-28 12:55 /dev/mapper/cryptswap
Other users can read the file '/dev/mapper/cryptswap'. Does it harm the system's security?

Last edited by hello.freeman; 05-28-2010 at 12:24 AM.
 
Old 05-28-2010, 01:28 AM   #2
Mark Pettit
Member
 
Registered: Dec 2008
Location: Cape Town, South Africa
Distribution: Slackware 15.0
Posts: 617

Rep: Reputation: 297
I think the strength of a system's security should not be based on whether someone can read (or access) the data, but whether someone can actually make head or tail of it - i.e. access the data in its cleartext format. If the data was so secure that no-one could ever get to it, then what would be the point of even encrypting it :-) So, unless the keys to decrypt the data were easily available, or the method was weak, I think you're OK.
 
Old 05-28-2010, 04:33 AM   #3
GazL
LQ Veteran
 
Registered: May 2008
Posts: 6,882

Rep: Reputation: 4988
This is the same issue as was reported here.

It happens on all luks devices, not just the swap. Upgrading to cryptsetup 1.1.1 fixes it, although it doesn't fix some of the other issues we've been talking about.


@Mark, That device with the 'others read' attribute is the unencrypted luks mapping of the swap device, not the encrypted partition that is its backing store. Therefore, it's wide open. hello.freeman is right to be concerned. This is definitely a security problem.

Last edited by GazL; 05-28-2010 at 05:30 AM. Reason: spelling
 
Old 05-28-2010, 05:06 AM   #4
Mark Pettit
Member
 
Registered: Dec 2008
Location: Cape Town, South Africa
Distribution: Slackware 15.0
Posts: 617

Rep: Reputation: 297
Ah I see. I did try to qualify my answer by asking if the data was in the cleartext. In this case it's not and I agree that it kinda makes the whole thing open and useless. Thanks.
 
Old 05-28-2010, 05:48 AM   #5
hello.freeman
Member
 
Registered: Apr 2010
Posts: 38

Original Poster
Rep: Reputation: 23

I fixed the problem by adding a command in '/etc/rc.d/rc.S':

Code:
    elif echo $OPTS | grep -wq swap ; then
      # If any of the volumes is to be used as encrypted swap,
      # then encrypt it using a random key and run mkswap:
      echo "Creating encrypted swap on device '$DEV' mapped to '${LUKS}':"
      /sbin/cryptsetup --cipher=aes --key-file=/dev/urandom --key-size=256 create $LUKS $DEV
      chmod 660 /dev/mapper/$LUKS   # Add this line to fix "$LUKS"'s permission
      mkswap /dev/mapper/$LUKS
    fi
It works well. I think writing udev rules could also fix similar problems. I'll learn it.

thanks very much for the info.
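
The following is an added example, not code from any poster in this thread: a small shell audit for the condition discussed above, a block device under /dev/mapper whose mode grants access to "others". The function names are illustrative, and `audit_mapper` assumes GNU `stat`.

```shell
#!/bin/sh
# Added example: flag device-mapper nodes that accounts outside the
# owner and group can open. Function names are hypothetical.

# Return 0 if an octal mode (e.g. 664) grants read or write to "others".
mode_exposes_others() {
    others=$(( 0$1 & 07 ))        # leading 0 makes the shell parse octal
    [ $(( others & 06 )) -ne 0 ]
}

# Same check for the symbolic form printed by `ls -l` (e.g. brw-rw-r--).
# Character 8 is others-read, character 9 is others-write.
ls_mode_exposes_others() {
    case $1 in
        ???????r*|????????w*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print every block device under DIR (default /dev/mapper) whose mode
# lets "others" read or write it. Returns 1 if any such node was found.
audit_mapper() {
    dir=${1:-/dev/mapper}
    found=0
    for node in "$dir"/*; do
        # -b follows symlinks, so entries pointing at ../dm-N are covered;
        # /dev/mapper/control is a character device and is skipped.
        [ -b "$node" ] || continue
        mode=$(stat -L -c '%a' "$node") || continue   # GNU stat assumed
        if mode_exposes_others "$mode"; then
            printf '%s mode=%s: accessible to others\n' "$node" "$mode"
            found=1
        fi
    done
    return "$found"
}

# Usage: audit_mapper            (checks /dev/mapper)
#        audit_mapper /some/dir  (checks another directory)
```

A non-zero return from `audit_mapper` means at least one decrypted mapping is exposed, as with the `brw-rw-r--` listing in post #1.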
 
  

