[dm-crypt] An observation

Milan Broz gmazyland at gmail.com
Tue Nov 27 18:49:40 CET 2012


On 11/27/2012 06:25 PM, Bhushan Jain wrote:
> Hello Developers,
> 
> I am a student at Stony Brook University researching system security.
> I noticed that the only reason dmcrypt-get-device (from eject package) needs setuid privilege is to read the major:minor numbers (unless I have missed something).
> A lot of distributions (Ubuntu, Fedora, etc.) are trying to avoid use of the setuid bit because it can potentially introduce a privilege escalation attack vector.
> I think the same thing could be accomplished by exporting the major:minor device numbers through a proc file, and then eliminate the need for dmcrypt-get-device.
> I would be happy to send you a patch that does this, if there is interest.  Any comments/thoughts?

Hi,

AFAIK the eject package was deprecated and has moved into util-linux upstream
(and was almost completely rewritten).

No idea what dmcrypt-get-device is; it seems like a distro-specific hack.
(And moreover, libblkid, used in lsblk or blkid, is a better way to check
UUID/major:minor etc. These run in user context.)

BTW major:minor is in /sys for all block devices (lsblk uses this).

So report it to the distro where you see this; this definitely should
not need the setuid bit!

Milan
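
The pointer to /sys in the reply above, as an added example that is not part of the original post or of any package it mentions: an unprivileged lookup of major:minor from `/sys/class/block/<name>/dev`, plus the backing devices a device-mapper node lists under `slaves/`. The function names and the constructed sample tree (dm-0 at 253:0 stacked on sda2 at 8:2) are assumptions for illustration.

```python
import os
import tempfile


def read_devno(name, sysfs="/sys"):
    """Return (major, minor) from <sysfs>/class/block/<name>/dev. No root needed."""
    # Accept only a bare kernel device name so a caller cannot walk out of sysfs.
    if "/" in name or name in ("", ".", ".."):
        raise ValueError("not a kernel block device name: %r" % name)
    with open(os.path.join(sysfs, "class", "block", name, "dev")) as f:
        major, minor = f.read().strip().split(":")
    return int(major), int(minor)


def backing_devices(name, sysfs="/sys"):
    """Map each entry in <name>/slaves (devices this one is stacked on) to its devno."""
    slaves = os.path.join(sysfs, "class", "block", name, "slaves")
    if not os.path.isdir(slaves):
        return {}  # e.g. a partition, which has no slaves directory
    return {s: read_devno(s, sysfs) for s in sorted(os.listdir(slaves))}


def build_sample_tree():
    """Constructed sysfs-like tree so the example runs offline."""
    root = tempfile.mkdtemp(prefix="fake-sysfs-")
    for dev, devno in (("dm-0", "253:0"), ("sda2", "8:2")):
        d = os.path.join(root, "class", "block", dev)
        os.makedirs(d)
        with open(os.path.join(d, "dev"), "w") as f:
            f.write(devno + "\n")
    # In real sysfs this entry is a symlink; a directory is enough for listing.
    os.makedirs(os.path.join(root, "class", "block", "dm-0", "slaves", "sda2"))
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    print("dm-0 devno:", read_devno("dm-0", root))
    print("dm-0 backing devices:", backing_devices("dm-0", root))
```

On a live system, call the functions with the default `sysfs="/sys"` and a real device name such as one shown by lsblk.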

