Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

openmediavault-luksencryption unsafe usage of devices instead of partitions (potential data loss) #47

Open
meyergru opened this issue May 16, 2023 · 1 comment
Open

openmediavault-luksencryption unsafe usage of devices instead of partitions (potential data loss) #47

meyergru opened this issue May 16, 2023 · 1 comment

Comments

@meyergru
Copy link

Describe the bug

When openmediavault-luksencryption is applied to a device like /dev/md0, it uses the whole device instead of a partition that covers the whole device.

I was so unlucky as to have the automatic partition scanning of Linux to think that there existed two partitions /dev/md0p1 and /dev/md0p2 on my device with 1.5 TByte and 750 GByte each. I think this was because of a random combination of data in the LUKS header or in the content itself. When I tested via parted, there was no valid label on the device.

This led to many problems:

  1. In the GUI RAID overview, those devices were shown. After I verified that they devices were unneeded, I tried to remove them in the GUI, thereby removing /dev/md0 as well. Probably the mere existence of these devices would have destroyed the drive content anyway as the recovery of those devices had not begun yet.

  2. Upon a reboot, when the RAID5 buildup was not finished yet, the rebuild did not continue, saying "resync=PENDING".

Since I think that one cannot disable probing for partitions, the proper way of handling this would be to create a GPT disk label and a large partition covering the whole device and put the LUKS containers into that partition. When I tried this manually, I could not choose the partition for encryption via the GUI.

You cannot rely on "random data" on a device not to trigger this behaviour.

To Reproduce

Probably hard, because of random LUKS key material.

Expected behavior

LUKS containers should only be created on partitions, not on raw devices in order to not make system components think that there partitions which are in fact not there (i.e. LUKS headers or data misinterpreted for partition info).

Reference to Forum

https://forum.openmediavault.org/index.php?thread/47821-bug-report-openmediavault-luksencryption-unsafe-usage-of-devices-instead-of-part/

openmediavault Server (please complete the following information):

  • OS version: Linux sixwd 6.1.0-0.deb11.6-amd64 Merge keyfile branch #1 SMP PREEMPT_DYNAMIC Debian 6.1.15-1~bpo11+1 (2023-03-16) x86_64 GNU/Linux
  • openmediavault version: 6.3.11-2

Client (please complete the following information):

none
@ryecoaaron
Copy link
Member

Creating a thread on the forum and on github at the same time is confusing. Will continue discussion on forum because I do not think this is a bug.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ryecoaaron @meyergru