rwpenney / cryptmount

Simplified management of Linux encrypted filesystems

Home Page: https://cryptmount.sourceforge.net

License: GNU General Public License v2.0

Makefile 1.48% C 69.04% Shell 25.58% M4 2.41% sed 0.09% Roff 0.03% GLSL 0.13% C++ 1.24%
encryption filesystem linux luks cryptmount security cryptsetup dm-crypt

cryptmount's Introduction

Cryptmount - user-mode management of Linux encrypted filesystems

cryptmount allows any user to access encrypted filing systems on demand under GNU/Linux systems running at least a 2.6-series kernel. It also assists the system administrator in creating and managing encrypted filesystems based on the kernel's dm-crypt device-mapper target.

After initial configuration by the superuser, an ordinary user can mount or unmount filesystems managed by cryptmount solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel and the libgcrypt library) can be used to protect both the filing system and the access key. The protected filing systems can reside in either ordinary files, or raw disk partitions.

Installation

To build cryptmount from source, please follow the instructions in the INSTALL.md file in the top directory of the source package.

cryptmount has been tested on a wide variety of GNU/Linux platforms, including ArchLinux, CentOS, Debian, Fedora, Gentoo, Mageia and Ubuntu.

For the most recent source-bundles of cryptmount, please see GitHub, where the latest developer versions can also be found.

An encrypted filing system must initially be created by the superuser. A basic setup can be created interactively by running the cryptmount-setup program, which is typically installed in /usr/local/sbin/, and will use the LUKS encryption format by default.

More elaborate situations can be handled by manual editing of the filesystem definition, typically in /etc/cryptmount/cmtab. For example, an entry of the form:

    crypt {
        dev=/home/crypt.fs dir=/mnt/crypt
        fstype=ext4 mountoptions=defaults
        keyformat=luks
    }

describes a LUKS-encrypted filesystem to be contained in an ordinary file, and which will be mounted beneath /mnt/crypt.

Such a filesystem could be initialized as follows:

    test -e /home/crypt.fs || dd if=/dev/zero of=/home/crypt.fs bs=1M count=128
    mkdir /mnt/crypt
    cryptmount --generate-key 32 crypt
    cryptmount --prepare crypt
    mke2fs -t ext4 /dev/disk/by-id/dm-name-crypt
    cryptmount --release crypt

Further details are available in the installed manual pages.

Thereafter, the following command, executed by an ordinary user, will make the filing system accessible below /mnt/crypt:

    cryptmount crypt

and the following will unmount it:

    cryptmount -u crypt

If using a separate keyfile, please take great care that you do not delete that file, as this will make access to your filesystem (essentially) impossible. You are strongly advised to keep a backup copy of the key-file.

Signing keys

The current GPG signature used for cryptmount releases has fingerprint 7A09 0051 9745 19A3 ED1B D4CB A6CF D54C 4405 160E. (The previous key, 78BC 1A99 61DC 2DAA 7BF8 99DB A6D8 2C65 B8CE F5E7, expired in May 2023.)

cryptmount's Issues

SIGSEGV on parsing parameters

Hi,

A SIGSEGV is happening in the following scenario:

$ ./cryptmount --umount research
Segmentation fault (core dumped)

I investigated a little bit and apparently the problem is happening inside parse_options() when calling libc getopt_long(). Please check below the output from gdb (I redacted some verbose output):

$ gdb ./cryptmount  -d .
gef➤  set args --umount research
gef➤  b cryptmount.c:1388
gef➤  r
[...]
[ Legend: Modified register | Code | Heap | Stack | String ]
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── registers ────
$rax   : 0x00007fffffffd7cc  →  0x0000000000000000
$rbx   : 0x0               
$rcx   : 0x000055555556e3c0  →  0x0000555555563134  →  0x6e616863006c6c61 ("all"?)
$rdx   : 0x000055555556e380  →  "acf:g:hklmw:pre:nSsxBQuyv"
$rsp   : 0x00007fffffffd780  →  0x000055555556ccd0  →  0x00780074706b7564 ("dukpt"?)
$rbp   : 0x000055555556e380  →  "acf:g:hklmw:pre:nSsxBQuyv"
$rsi   : 0x00007fffffffde28  →  0x00007fffffffe1a9  →  "/home/dukpt/Downloads/cryptmount/cryptmount"
$rdi   : 0x3               
$rip   : 0x000055555555acc4  →  <parse_options+1284> call 0x555555557b50 <getopt_long@plt>
$r8    : 0x00007fffffffd7cc  →  0x0000000000000000
$r9    : 0x000055555556e3c0  →  0x0000555555563134  →  0x6e616863006c6c61 ("all"?)
$r10   : 0x00007ffff7dbcac0  →  0x0000000100000000
$r11   : 0x00007ffff7e17ce0  →  0x000055555556e680  →  0x0a3a3432313a783a (":x:124:\n"?)
$r12   : 0x000055555556e3c0  →  0x0000555555563134  →  0x6e616863006c6c61 ("all"?)
$r13   : 0x00005555555654b5  →  "cryptmount"
$r14   : 0x0000555555568a18  →  0x0000555555559700  →  <__do_global_dtors_aux+0> endbr64 
$r15   : 0x00007fffffffdb28  →  0x000000000000003f ("?"?)
$eflags: [ZERO carry PARITY adjust sign trap INTERRUPT direction overflow resume virtualx86 identification]
$cs: 0x33 $ss: 0x2b $ds: 0x00 $es: 0x00 $fs: 0x00 $gs: 0x00 
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── stack ────
0x00007fffffffd780│+0x0000: 0x000055555556ccd0  →  0x00780074706b7564 ("dukpt"?)	 ← $rsp
0x00007fffffffd788│+0x0008: 0x00007fffffffde28  →  0x00007fffffffe1a9  →  "/home/dukpt/Downloads/cryptmount/cryptmount"
0x00007fffffffd790│+0x0010: 0x00007fffffffd7cc  →  0x0000000000000000
0x00007fffffffd798│+0x0018: 0x00007fffffffd7e0  →  0x0000000000000061 ("a"?)
0x00007fffffffd7a0│+0x0020: 0x0000000000000003
0x00007fffffffd7a8│+0x0028: 0x00007ffff7e14600  →  0x0000000000000000
0x00007fffffffd7b0│+0x0030: 0x00007fffffffdbec  →  0x00000000ffffffff
0x00007fffffffd7b8│+0x0038: 0x00007fffffffdbe8  →  0xffffffffffffffff
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── code:x86:64 ────
   0x55555555acb9 <parse_options+1273> mov    rdx, rbp
   0x55555555acbc <parse_options+1276> mov    rcx, r12
   0x55555555acbf <parse_options+1279> mov    rsi, QWORD PTR [rsp+0x8]
 → 0x55555555acc4 <parse_options+1284> call   0x555555557b50 <getopt_long@plt>
   ↳  0x555555557b50 <getopt_long@plt+0> endbr64 
      0x555555557b54 <getopt_long@plt+4> bnd    jmp QWORD PTR [rip+0x1133d]        # 0x555555568e98 <getopt_long@got.plt>
      0x555555557b5b <getopt_long@plt+11> nop    DWORD PTR [rax+rax*1+0x0]
      0x555555557b60 <fread@plt+0>    endbr64 
      0x555555557b64 <fread@plt+4>    bnd    jmp QWORD PTR [rip+0x11335]        # 0x555555568ea0 <fread@got.plt>
      0x555555557b6b <fread@plt+11>   nop    DWORD PTR [rax+rax*1+0x0]
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── arguments (guessed) ────
getopt_long@plt (
   $rdi = 0x0000000000000003,
   $rsi = 0x00007fffffffde28 → 0x00007fffffffe1a9 → "/home/dukpt/Downloads/cryptmount/cryptmount",
   $rdx = 0x000055555556e380 → "acf:g:hklmw:pre:nSsxBQuyv",
   $rcx = 0x000055555556e3c0 → 0x0000555555563134 → 0x6e616863006c6c61 ("all"?),
   $r8 = 0x00007fffffffd7cc → 0x0000000000000000
)
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── source:cryptmount.c+1388 ────
   1383	 #endif  /* _GNU_SOURCE */
   1384	 
   1385	     for (;;) {
   1386	         struct cm_option *selected;
   1387	 #ifdef _GNU_SOURCE
●→ 1388	         optchar = getopt_long(argc, argv, shortopts, longopts, &idx);
   1389	 #else
   1390	         optchar = getopt(argc, argv, shortopts);
   1391	 #endif
   1392	         if (optchar < 0 || optchar == '?') break;
   1393	         idx = 0;
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── threads ────
[#0] Id 1, Name: "cryptmount", stopped 0x55555555acc4 in parse_options (), reason: SINGLE STEP
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── trace ────
[#0] 0x55555555acc4 → parse_options(argc=0x3, argv=0x7fffffffde28, mode_params=0x7fffffffdbf8, passwd_fd=0x7fffffffdbec, config_fd=0x7fffffffdbe8, pw_ctxt=0x7fffffffdc30)
[#1] 0x555555557ea9 → main(argc=0x3, argv=0x7fffffffde28)
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

After that, if you continue, a SIGSEGV will happen:

$rax   : 0x1ff             
$rbx   : 0x000055555556e660  →  0x6b75643a3232313a (":122:duk"?)
$rcx   : 0x15              
$rdx   : 0x0               
$rsp   : 0x00007fffffffd5d8  →  0x00007ffff7d05ea1  →  <process_long_option+209> test eax, eax
$rbp   : 0x00007fffffffd6a0  →  0x0000000000000003
$rsi   : 0x00007fffffffe1d7  →  0x7200746e756f6d75 ("umount"?)
$rdi   : 0x6b75643a3232313a (":122:duk"?)
$rip   : 0x00007ffff7d96f31  →  <__strncmp_avx2+49> vmovdqu ymm1, YMMWORD PTR [rdi]
$r8    : 0x00007fffffffd7cc  →  0x0000000000000000
$r9    : 0x0               
$r10   : 0x00007ffff7dbcac0  →  0x0000000100000000
$r11   : 0x6               
$r12   : 0x6b75643a3232313a (":122:duk"?)
$r13   : 0x15              
$r14   : 0x6               
$r15   : 0x00007fffffffe1d7  →  0x7200746e756f6d75 ("umount"?)
$eflags: [zero CARRY parity adjust SIGN trap INTERRUPT direction overflow RESUME virtualx86 identification]
$cs: 0x33 $ss: 0x2b $ds: 0x00 $es: 0x00 $fs: 0x00 $gs: 0x00 
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── stack ────
0x00007fffffffd5d8│+0x0000: 0x00007ffff7d05ea1  →  <process_long_option+209> test eax, eax	 ← $rsp
0x00007fffffffd5e0│+0x0008: 0x0000000000000000
0x00007fffffffd5e8│+0x0010: 0x0000000000000000
0x00007fffffffd5f0│+0x0018: 0x00000000000004c2
0x00007fffffffd5f8│+0x0020: 0x0000000000000600
0x00007fffffffd600│+0x0028: 0x000000000000000a ("\n"?)
0x00007fffffffd608│+0x0030: 0x00007ffff7dd7ee1  →  0x69203a7325002d2d ("--"?)
0x00007fffffffd610│+0x0038: 0x7500000000000003
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── code:x86:64 ────
   0x7ffff7d96f21 <__strncmp_avx2+33> and    eax, 0xfff
   0x7ffff7d96f26 <__strncmp_avx2+38> cmp    eax, 0xf80
   0x7ffff7d96f2b <__strncmp_avx2+43> jg     0x7ffff7d97330 <__strncmp_avx2+1072>
 → 0x7ffff7d96f31 <__strncmp_avx2+49> vmovdqu ymm1, YMMWORD PTR [rdi]
   0x7ffff7d96f35 <__strncmp_avx2+53> vpcmpeqb ymm0, ymm1, YMMWORD PTR [rsi]
   0x7ffff7d96f39 <__strncmp_avx2+57> vpminub ymm0, ymm0, ymm1
   0x7ffff7d96f3d <__strncmp_avx2+61> vpcmpeqb ymm0, ymm0, ymm7
   0x7ffff7d96f41 <__strncmp_avx2+65> vpmovmskb ecx, ymm0
   0x7ffff7d96f45 <__strncmp_avx2+69> test   ecx, ecx
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── threads ────
[#0] Id 1, Name: "cryptmount", stopped 0x7ffff7d96f31 in __strncmp_avx2 (), reason: SIGSEGV
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── trace ────
[#0] 0x7ffff7d96f31 → __strncmp_avx2()
[#1] 0x7ffff7d05ea1 → process_long_option(argc=0x3, argv=0x7fffffffde28, optstring=0x55555556e380 "acf:g:hklmw:pre:nSsxBQuyv", longopts=0x55555556e3c0, longind=0x7fffffffd7cc, long_only=0x0, d=0x7ffff7e1f180 <getopt_data>, print_errors=0x1, prefix=0x7ffff7dd7ee1 "--")
[#2] 0x7ffff7d0688f → _getopt_internal_r(argc=0x3, argv=0x7fffffffde28, optstring=0x55555556e380 "acf:g:hklmw:pre:nSsxBQuyv", longopts=0x55555556e3c0, longind=0x7fffffffd7cc, long_only=0x0, d=0x7ffff7e1f180 <getopt_data>, posixly_correct=0x0)
[#3] 0x7ffff7d06aeb → _getopt_internal(argc=0x3, argv=0x7fffffffde28, optstring=0x55555556e380 "acf:g:hklmw:pre:nSsxBQuyv", longopts=0x55555556e3c0, longind=0x7fffffffd7cc, long_only=0x0, posixly_correct=0x0)
[#4] 0x7ffff7d06b72 → getopt_long(argc=0x3, argv=0x7fffffffde28, options=0x55555556e380 "acf:g:hklmw:pre:nSsxBQuyv", long_options=0x55555556e3c0, opt_index=0x7fffffffd7cc)
[#5] 0x55555555acc9 → parse_options(argc=0x3, argv=0x7fffffffde28, mode_params=0x7fffffffdbf8, passwd_fd=0x7fffffffdbec, config_fd=0x7fffffffdbe8, pw_ctxt=0x7fffffffdc30)
[#6] 0x555555557ea9 → main(argc=0x3, argv=0x7fffffffde28)
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
gef➤  

Maybe there is some issue with the structure size.
The same bug happens with the distro version of cryptmount.

I compiled the last code from master and I'm running Ubuntu 22.04.2 (jammy).

Thanks
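
Added example (not part of the issue report and not cryptmount's code): in the second dump, `$rdi` passed to `__strncmp_avx2` holds ASCII text (":122:duk") rather than a pointer, which is consistent with `getopt_long()` reading an option name from a long-options table that is not correctly sized or terminated. That is an assumption; the report does not identify the root cause. The sketch below uses a hypothetical `app_option` table and helper names to show a table built with the all-zero final element that the `getopt_long()` manual requires, and how an unrecognised option such as `--umount` is then rejected cleanly.

```c
#include <getopt.h>
#include <stdlib.h>

/* Hypothetical application option table; names are illustrative only. */
struct app_option { char shortopt; const char *longopt; int has_arg; };

static const struct app_option app_options[] = {
    { 'a', "all",       no_argument },
    { 'm', "mount",     no_argument },
    { 'u', "unmount",   no_argument },
    { 'f', "config-fd", required_argument },
};
#define N_APP_OPTIONS (sizeof(app_options) / sizeof(app_options[0]))

/* Build the array handed to getopt_long(): n real entries plus one
 * all-zero terminator. calloc() zero-fills, so slot [n] is the sentinel
 * at which getopt_long() stops scanning. Allocating only n entries would
 * leave the scan running into whatever follows on the heap. */
struct option *build_longopts(const struct app_option *src, size_t n)
{
    struct option *tbl = calloc(n + 1, sizeof(*tbl));
    if (tbl == NULL) return NULL;
    for (size_t i = 0; i < n; ++i) {
        tbl[i].name    = src[i].longopt;
        tbl[i].has_arg = src[i].has_arg;
        tbl[i].flag    = NULL;
        tbl[i].val     = src[i].shortopt;
    }
    return tbl;
}

/* Return the first option character found in argv: the matching short
 * option, '?' for an unknown option, -1 if there are no options, or -2
 * if the table could not be allocated. */
int first_option(int argc, char **argv)
{
    struct option *tbl = build_longopts(app_options, N_APP_OPTIONS);
    int idx = 0, c;
    if (tbl == NULL) return -2;
    optind = 0;   /* force getopt to reinitialise its scan state */
    opterr = 0;   /* suppress the library's own error message */
    c = getopt_long(argc, argv, "amuf:", tbl, &idx);
    free(tbl);
    return c;
}
```

An option that matches no entry forces `getopt_long()` to walk every element up to the terminator, which is why a mistyped long option is a useful regression test for table construction.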
