[Bug 1453738] [NEW] installer in LVM mode sets up broken encrypted swap, using duplicate unencrypted swap

[Launchpad Bug Tracker]

*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Martin Pitt (pitti):

When installing Ubuntu with "Use LVM" (but not encryption!), and
"encrypt my home dir", the installer adds the original unencrypted swap
to fstab. Then, ecryptfs-setup-swap keeps that, and additionally
configures an encrypted swap via an UUID and without offset (which would
trigger bug 953857 again!), so that you end up with *two* swap configs
for one and the same partition, once unencrypted and once encrypted:

fstab:
/dev/mapper/ubuntu--vg-swap_1 none swap sw 0 0
/dev/mapper/cryptswap1 none swap sw 0 0

crypttab:
cryptswap1 UUID=f636d7ef-9405-482d-a90a-5ba67026fcfb /dev/urandom swap,offset=1024,cipher=aes-xts-plain64

(UUID is for ubuntubuntu--vg-swap_1). This can't work, as the
unencrypted one is faster, so trying to set up the encrypted one fails.

** Affects: ecryptfs
     Importance: Undecided
         Status: New

** Affects: ecryptfs-utils (Ubuntu)
     Importance: High
         Status: Triaged

** Affects: ecryptfs-utils (Ubuntu Trusty)
     Importance: High
         Status: Triaged

** Affects: ecryptfs-utils (Ubuntu Utopic)
     Importance: High
         Status: Triaged

** Affects: ecryptfs-utils (Ubuntu Vivid)
     Importance: High
         Status: Triaged

** Affects: ecryptfs-utils (Ubuntu Wily)
     Importance: High
         Status: Triaged


** Tags: systemd-boot
-- 
installer in LVM mode sets up broken encrypted swap, using duplicate unencrypted swap
https://bugs.launchpad.net/bugs/1453738
You received this bug notification because you are a member of Ubuntu Foundations Bugs, which is subscribed to the bug report.