[Openstack-security] [Bug 1372375] Re: Attaching LVM encrypted volumes (with LUKS) could cause data loss if LUKS headers get corrupted

Patrizio Tufarolo patriziotufarolo at gmail.com
Tue Sep 30 10:25:44 UTC 2014


A simpler approach could consist in a flag stored in the cinder db to indicate if the volume has been formatted before.
Then we could handle the volume attachment procedure checking this flag's value first.
If the device has been used but Nova would not be able to mount it,  we could return an exception inviting the cloud administrator to check for the volume integrity.
What do you think about that?

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1372375

Title:
  Attaching LVM encrypted volumes (with LUKS) could cause data loss if
  LUKS headers get corrupted

Status in Cinder:
  New
Status in OpenStack Compute (Nova):
  Incomplete
Status in OpenStack Security Advisories:
  Won't Fix

Bug description:
  I have doubts about the flow of the volume attaching operation, as
  defined in /usr/lib/python2.6/site-
  packages/nova/volume/encryptors/luks.py.

  If the device is not recognized to be a valid luks device, the script is luks formatting it! So if for some reason the luks header get corrupted, it erases the whole data.
  To manage corrupted headers there are the 

      cryptsetup luksHeaderBackup

  and

      cryptsetup luksHeaderRestore

  commands that respectively do the backup and the restore of the
  headers.

  I think that the process has to be reviewed, and the luksFormat
  operation has to be performed during the volume creation.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1372375/+subscriptions




More information about the Openstack-security mailing list