Bug 500352 - mount helper asks a different set of questions when the mount options are OK and when they are not
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: ecryptfs-utils
Version: 5.4
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: rc
Assignee: Michal Hlavinka
QA Contact: BaseOS QE
Reported: 2009-05-12 12:12 UTC by Michal Nowak
Modified: 2013-03-08 02:06 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-09-02 09:57:17 UTC
Target Upstream Version:
Embargoed:


Attachments
allow only correct values to ecryptfs_key_bytes (1.86 KB, patch)
2009-05-12 15:54 UTC, Michal Hlavinka


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2009:1307 | 0 | normal | SHIPPED_LIVE | Low: ecryptfs-utils security, bug fix, and enhancement update | 2009-09-01 10:20:43 UTC

Description Michal Nowak 2009-05-12 12:12:53 UTC
Description of problem:

[root@hp-ml370g4-01 tmp]# mount.ecryptfs secret/ secret/ -o key=passphrase:passphrase_passwd=newman:ecryptfs_cipher=aes:ecryptfs_key_bytes=32
Enable plaintext passthrough (y/n) [n]: y

^^^ Asks for "plaintext passthrough", which is OK.

Attempting to mount with the following options:
  ecryptfs_unlink_sigs
  ecryptfs_passthrough
  ecryptfs_key_bytes=32
  ecryptfs_cipher=aes
  ecryptfs_sig=26d2955806590f9d
WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt],
it looks like you have never mounted with this key 
before. This could mean that you have typed your 
passphrase wrong.

Would you like to proceed with the mount (yes/no)? yes
Would you like to append sig [26d2955806590f9d] to
[/root/.ecryptfs/sig-cache.txt] 
in order to avoid this warning in the future (yes/no)? no
Not adding sig to user sig cache file; continuing with mount.
Mounted eCryptfs

[root@hp-ml370g4-01 tmp]# mount | grep secret
/tmp/secret on /tmp/secret type ecryptfs (rw,ecryptfs_sig=26d2955806590f9d,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_passthrough,ecryptfs_unlink_sigs)

[root@hp-ml370g4-01 tmp]# umount secret/

[root@hp-ml370g4-01 tmp]# umount secret/
umount: secret/: not mounted

[root@hp-ml370g4-01 tmp]# mount.ecryptfs secret/ secret/ -o key=passphrase:passphrase_passwd=newman:ecryptfs_cipher=aes:ecryptfs_key_bytes=31

^^^ No question about "plaintext passthrough", coz the helper knows of the stupid "ecryptfs_key_bytes" value "31"?

Attempting to mount with the following options:
  ecryptfs_unlink_sigs
  ecryptfs_cipher=aes
  ecryptfs_sig=26d2955806590f9d
WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt],
it looks like you have never mounted with this key 
before. This could mean that you have typed your 
passphrase wrong.

Would you like to proceed with the mount (yes/no)? yes
Would you like to append sig [26d2955806590f9d] to
[/root/.ecryptfs/sig-cache.txt] 
in order to avoid this warning in the future (yes/no)? no
Not adding sig to user sig cache file; continuing with mount.
Required mount option not provided: [ecryptfs_key_bytes=]
Invalid mount options; aborting. rc = [-22]
Error mounting eCryptfs: [-22] Invalid argument
Check your system logs; visit <http://launchpad.net/ecryptfs>

Version-Release number of selected component (if applicable):

ecryptfs-utils-75-1.el5

How reproducible:

always

Actual results:

...

Expected results:

A) It should ask all the nice questions all the time, both when the parameters/values make sense and when they don't.

or (preferably):

B) Parse the "-o" part and, when it is incorrect, exit; no "wise" questions like:

"Would you like to append sig ..." and co are necessary.

Additional info:

Also, again, error msgs like this are hardly of much use:

"""
Required mount option not provided: [ecryptfs_key_bytes=]
Invalid mount options; aborting. rc = [-22]
Error mounting eCryptfs: [-22] Invalid argument
Check your system logs; visit <http://launchpad.net/ecryptfs>
"""

And, btw., it is incorrect - I provided the "ecryptfs_key_bytes", but with crap. Also, there is nothing in the log, just:

"""
May 12 07:41:03 hp-ml370g4-01 kernel: ecryptfs_parse_options: eCryptfs: unrecognized option 'ecryptfs_unlink_sigs'
"""

Comment 1 Michal Hlavinka 2009-05-12 15:53:40 UTC
I've prepared a patch in which the checking of wrong ecryptfs_key_bytes values is fixed. Now you can use only the listed values. So it behaves like expected result B).

> Error mounting eCryptfs: [-22] Invalid argument
...
> And, btw., is incorrect - I provided the "ecryptfs_key_bytes", but with crap.

No, it's not completely incorrect. You've provided ecryptfs_key_bytes and the err. message is not "missing value"; you've provided a wrong value and the err. message is "Invalid argument". For wrong values mount.ecryptfs always returns the EINVAL error code.

I agree, the situation with error messages is unpleasant, but I've discussed this with upstream several times and they think the situation is not so bad. Most mount helpers reply with just "mount failed". For most cases you can find additional error messages in /var/log/messages. Only error codes are returned (and interpreted), so you can't expect much more...
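
The fail-fast behaviour of expected result B, which Comment 1 says the patch provides, sketched as a pre-flight check run before the helper asks anything. This is an added example, not the attached patch or ecryptfs-utils code; the function names and the AES key-size list (16, 24, 32 bytes) are assumptions of the example.

```shell
#!/bin/sh
# Added example: validate a mount.ecryptfs "-o" string before any prompt.
# ALLOWED_AES is an assumption of this example (standard AES key sizes, bytes).
ALLOWED_AES="16 24 32"
EINVAL=22   # same code the helper reports: "[-22] Invalid argument"

# Print the value of option $2 in option string $1 (fields split on ',' or ':').
get_opt() {
    printf '%s\n' "$1" | tr ',:' '\n\n' | sed -n "s/^$2=//p" | tail -n 1
}

# Return 0 if cipher and key size are acceptable, EINVAL otherwise.
check_ecryptfs_opts() {
    opts=$1
    cipher=$(get_opt "$opts" ecryptfs_cipher)
    bytes=$(get_opt "$opts" ecryptfs_key_bytes)

    if [ -z "$bytes" ]; then
        echo "ecryptfs_key_bytes: option not provided" >&2
        return "$EINVAL"
    fi
    case $bytes in
        *[!0-9]*)
            echo "ecryptfs_key_bytes: not a number: $bytes" >&2
            return "$EINVAL" ;;
    esac
    case $cipher in
        aes) allowed=$ALLOWED_AES ;;
        *)
            echo "ecryptfs_cipher: '$cipher' is not in this example's table" >&2
            return "$EINVAL" ;;
    esac
    for ok in $allowed; do
        [ "$bytes" = "$ok" ] && return 0
    done
    # Distinguish "wrong value" from "missing option" in the message.
    echo "ecryptfs_key_bytes=$bytes invalid for $cipher (allowed: $allowed)" >&2
    return "$EINVAL"
}

# Hypothetical wrapper: refuse to start the interactive helper on bad options.
safe_mount_ecryptfs() {
    check_ecryptfs_opts "$3" || return $?
    mount.ecryptfs "$1" "$2" -o "$3"
}
```

With the option string from the report, `ecryptfs_key_bytes=31` is rejected with exit status 22 before the sig-cache questions, and the message says the value is wrong rather than missing.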

Comment 2 Michal Hlavinka 2009-05-12 15:54:51 UTC
Created attachment 343609
allow only correct values to ecryptfs_key_bytes

Comment 8 errata-xmlrpc 2009-09-02 09:57:17 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2009-1307.html

