Date: Wed, 8 Feb 2023 20:52:52 +0100
From: Mariusz Zaborski <oshogbo@freebsd.org>
To: Shawn Webb <shawn.webb@hardenedbsd.org>
Cc: freebsd-security@freebsd.org, FreeBSD Security Advisories <security-advisories@freebsd.org>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-23:01.geli
Message-ID: <CAGOYWV8n6Vb4x3z-FwbdX6kf1BBG-FsZLk2n0kjuAz7Gs%2B76sA@mail.gmail.com>
In-Reply-To: <20230208194155.hs5fkfdqcfmd72ld@mutt-hbsd>
References: <20230208190833.1DF6F8824@freefall.freebsd.org> <20230208194155.hs5fkfdqcfmd72ld@mutt-hbsd>
No, each disk is encrypted/initialized separately:
https://cgit.freebsd.org/src/tree/usr.sbin/bsdinstall/scripts/zfsboot#n1275

On Wed, 8 Feb 2023 at 20:42, Shawn Webb <shawn.webb@hardenedbsd.org> wrote:
> On Wed, Feb 08, 2023 at 07:08:33PM +0000, FreeBSD Security Advisories wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA512
> >
> > =============================================================================
> > FreeBSD-SA-23:01.geli                                         Security Advisory
> >                                                           The FreeBSD Project
> >
> > Topic:          GELI silently omits the keyfile if read from stdin
> >
> > Category:       core
> > Module:         geli
> > Announced:      2023-02-08
> > Credits:        Nathan Dorfman <ndorf@rtfm.net>
> > Affects:        All supported versions of FreeBSD.
> > Corrected:      2023-02-08 18:03:19 UTC (stable/13, 13.1-STABLE)
> >                 2023-02-08 18:06:31 UTC (releng/13.1, 13.1-RELEASE-p6)
> >                 2023-02-08 18:05:45 UTC (stable/12, 12.4-STABLE)
> >                 2023-02-08 18:30:27 UTC (releng/12.4, 12.4-RELEASE-p1)
> >                 2023-02-08 18:28:31 UTC (releng/12.3, 12.3-RELEASE-p11)
> > CVE Name:       CVE-2023-0751
> >
> > For general information regarding FreeBSD Security Advisories,
> > including descriptions of the fields above, security branches, and the
> > following sections, please visit <URL:https://security.FreeBSD.org/>.
> >
> > I.   Background
> >
> > GELI is a block device-layer disk encryption utility.  It uses a random
> > master key to perform symmetric cryptography on sectors.  The master key is
> > encrypted using a user key, which might consist of up to two components: a
> > user passphrase and a key file.  The key file might be read from a file or
> > standard input.  GELI also allows initialization of multiple devices with
> > a single command.
> >
> > II.  Problem Description
> >
> > When GELI reads a key file from standard input, it doesn't store it
> > anywhere.  If the user tries to initialize multiple providers at once, for
> > the second and subsequent devices the standard input stream will already be
> > empty.  In this case, GELI silently uses a NULL key as the user key file.  If
> > the user used only a key file without a user passphrase, the master key was
> > encrypted with an empty key file.  This might not be noticed if the devices
> > were also decrypted in a batch operation.
> >
> > III. Impact
> >
> > Some GELI providers might be silently encrypted with a NULL key file.
>
> bsdinstall has a nifty option for using geli to encrypt your ZFS root
> pool (usually named zroot). Are ZFS pools created by bsdinstall
> impacted?
>
> Thanks,
>
> --
> Shawn Webb
> Cofounder / Security Engineer
> HardenedBSD
>
> https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
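As an added illustration (not part of the advisory, the thread, or the geli source), the stdin-consumption failure mode modelled in plain POSIX shell: `init_one` is a constructed stand-in for a per-provider init step that reads its key from stdin, and the two batch functions contrast the single shared stdin pattern the advisory describes with reading the key once into a mode-0600 temporary file that every provider then gets.

```shell
#!/bin/sh
# Constructed model of the FreeBSD-SA-23:01.geli failure mode. init_one is
# a placeholder for "initialize one provider with a key read from stdin";
# it prints PROVIDER:KEYLEN so an empty key (":0") is visible in the output.

init_one() {
    key=$(cat)                        # consume whatever is left on stdin
    printf '%s:%d\n' "$1" "${#key}"
}

# Pattern from the advisory: one command, several providers, key supplied
# once on stdin. The first provider drains the stream; every later one
# reads EOF and ends up with a zero-length key, silently.
init_batch_from_stdin() {
    for dev in "$@"; do
        init_one "$dev"
    done
}

# Safer pattern: read the key exactly once into a private temp file and
# feed that file to each provider, so no step depends on shared stdin.
# Runs in a subshell so umask does not leak into the caller.
init_batch_with_keyfile() (
    umask 077
    keyfile=$(mktemp) || return 1
    cat >"$keyfile"
    for dev in "$@"; do
        init_one "$dev" <"$keyfile"
    done
    rm -f "$keyfile"
)

# Post-check helper: counts providers whose key length came out as 0.
# grep -c exits 1 on zero matches, so "|| true" keeps the count usable.
count_empty_keys() {
    grep -c ':0$' || true
}
```

With three providers and a key on stdin, the first function reports two empty keys and the second none; the same check can be run over real batch output once the stand-in is replaced.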