[Bug 1520652] Re: Erroneous "INSECURE OWNER FOR xxxxx.keyfile"

Ubuntu Foundations Team Bug Bot 1520652 at bugs.launchpad.net
Fri Nov 27 20:17:58 UTC 2015


The attachment "Use UID/GIDs not text aliases; use 'stat' no 'ls | sed'"
seems to be a patch.  If it isn't, please remove the "patch" flag from
the attachment, remove the "patch" tag, and if you are a member of the
~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issues please contact him.]

** Tags added: patch

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/1520652

Title:
  Erroneous "INSECURE OWNER FOR xxxxx.keyfile"

Status in cryptsetup package in Ubuntu:
  Triaged

Bug description:
  $ ll -n
  -r-------- 1 0 0 4096 Sep  1 23:57 xxxxxxxx.keyfile

  /lib/cryptsetup/cryptdisks.functions::check_key() checks ownership
  based on the name/group alias, not the actual UID/GID, and therefore
  breaks if "root" != UID/GID 0.

  + /usr/sbin/cryptdisks_start LUKS_HDD_BOOT
   * Starting crypto disk...
   * LUKS_HDD_BOOT: INSECURE OWNER FOR xxxxxxxx.keyfile, see /usr/share/doc/cryptsetup/README.Debian.
   * LUKS_HDD_BOOT: INSECURE OWNER GROUP FOR xxxxxxxx.keyfile, see /usr/share/doc/cryptsetup/README.Debian.
   * LUKS_HDD_BOOT (skipped, device /dev/disk/by-uuid/160fa39a-1205-4ad5-be44-9c2c943fb113 does not exist)...                                [fail] 
  + read DM_NAME DEVICE KEYFILE OPTIONS
  + exit 0

  
  The script should not be relying on parsing 'ls' output either. The attached patch fixes both issues.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1520652/+subscriptions
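
Added example, not part of the original bug report and neither the attached patch nor cryptsetup's own code: a key file ownership check that compares numeric UID/GID via GNU stat, shown next to the name-based comparison that the report says breaks if "root" != UID/GID 0. The function names, return codes and the detail appended to each message are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; hypothetical helpers, not cryptsetup's check_key().
# Requires GNU coreutils stat (-c format strings).

# Fragile form: compares the owner *name*. The name comes from a passwd/NSS
# lookup, so it fails when UID 0 is not called "root" (the case reported above).
keyfile_owner_is_named_root() {
    [ "$(stat -L -c '%U' -- "$1" 2>/dev/null)" = "root" ]
}

# Robust form: compares numeric IDs, which is what the kernel enforces.
# usage: keyfile_owner_ok FILE [UID] [GID]   (both IDs default to 0)
# returns 0 = ok, 1 = wrong owner, 2 = wrong group, 3 = cannot stat
keyfile_owner_ok() {
    kf_file=$1
    kf_uid=${2:-0}
    kf_gid=${3:-0}
    # -L follows symlinks so the key file itself is checked, not the link.
    kf_ids=$(stat -L -c '%u %g' -- "$kf_file" 2>/dev/null) || return 3
    # %u and %g are decimal integers, so splitting on the space is safe
    # (no 'ls' column parsing, no surprises from odd file names).
    if [ "${kf_ids% *}" != "$kf_uid" ]; then
        echo "INSECURE OWNER FOR $kf_file (uid ${kf_ids% *}, want $kf_uid)" >&2
        return 1
    fi
    if [ "${kf_ids#* }" != "$kf_gid" ]; then
        echo "INSECURE OWNER GROUP FOR $kf_file (gid ${kf_ids#* }, want $kf_gid)" >&2
        return 2
    fi
    return 0
}
```
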


