Version 1.0.10 of Mandos is released: SECURITY BUG FIX!

Teddy Hogeborn teddy at fukt.bsnet.se
Sun May 17 06:20:40 CEST 2009 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Version 1.0.10 of Mandos is released.  This is a security bug fix
release.

Who Is Affected?
================

The security bug affects users of Debian lenny users using
linux-image-* packages with versions lower than 2.6.28-1, who have
installed the linux-image-* package AFTER installing mandos-client.

The bug does NOT affect Ubuntu Jaunty (9.04) users, nor does it affect
users of Debian unstable/sid/squeeze users IF they are using
linux-image-2.6.28-1 or higher.

Bug Effects
===========

The /boot/initrd.img* file was made publicly readable on NEW
INSTALLATIONS of linux-image-* packages with versions lower than
2.6.28-1, IF those installations occured AFTER installing the
mandos-client package.  Installation of this package of mandos-client
version 1.0.10 will automatically recreate a new non-publicly-readable
initrd.img file as well as fixing the problem for new linux-image
installations.

Bug Impact and Recovery
=======================

The impact of a publicly readable initrd.img file on a Mandos client
computer is that all non-priviliged users with file or login access
can get the Mandos Client key, and could then conceivably use this key
to get the encrypted file system password from the Mandos Server.  If
you do not allow non-trusted logins or file accesses to the Mandos
Client computer, no compromise has been possible.  If you DO allow
such logins, and you HAVE installed a new kernel after installing the
mandos-client package, you are affected, and there are several
possible courses of action available to you, depending on your desired
level of paranoia:

Paranoia level 0: Install mandos-client 1.0.10 to fix the permissions
                  and forget about it, since it's most likely nothing
                  has happened.  (This is the lazy but realistic
                  choice.)

Paranoia level 1: Change the Mandos client keys (since they have been
                  readable), and change the encrypted root file system
                  password (since it's possible it has been revealed).
                  The procedure is roughly as follows:
                  
                  * Run the following commands on the Mandos client:
                  
                        rootdev=`zcat /boot/initrd.img-\`uname -r\` \
                            | cpio --quiet --extract --to-stdout \
                            conf/conf.d/cryptroot \
                            | sed -e 's/.*source=\([^,]*\),\?.*/\1/'`
                        cryptsetup luksAddKey $rootdev
                        # (Enter a new root file system password)
                        cryptsetup luksRemoveKey $rootdev
                        # (Enter both the old and the new passwords)
                        mandos-keygen --force
                        # (This may take a while)
                        mandos-keygen --password
                        # (Enter the new root file system password)
                  
                  * On the Mandos server, edit the file
                    /etc/mandos/clients.conf and replace the old
                    client entry with the output from that last
                    "mandos-keygen" command.
                    
                        editor /etc/mandos/clients.conf
                  
                  * Restart the Mandos server
                    
                        invoke-rc.d mandos force-reload

Paranoia level MAX-2: Re-encrypt your disks with a new LUKS master
                      key.  This is NOT necessary, since only root
                      could have read the raw LUKS device anyway.

Paranoia level MAX-1: Reinstall and reconfigure the server.  This is
                      NOT necessary, since neither the root password
                      nor anything else about the system has been
                      compromised.

Paranoia level MAX: Remove Mandos permanently and return to typing in
                    passwords manually at boot-time.  This is only if
                    this incident has made you lose confidence in us,
                    and we are sorry if you choose to see it this way.
                    We hope, however, that this is not the case.

More Bug Details
================

In the Debian postinst script for all the linux-image-2.6.26-*
packages (and older), to create the initrd.img file, the deprecated
"mkinitramfs-kpkg" command is used instead of its newer replacement,
"update-initramfs".  This use of the older command was not anticipated
by us, and no effort was made to ensure the creation of a non-
publicly-readable initrd.img file in that case.  This has now been
fixed.

We are very sorry that this has happened, and will strive to be better
in the future.

Version 1.0.10 (2009-05-17)
* Client
** Security bug fix: Fix permissions on initrd.img-*.bak files when
   upgrading from older versions.

Version 1.0.9 (2009-05-17)
* Client
** Security bug fix: Fix permissions on initrd.img file when
   installing new linux-image-* packages calling mkinitramfs-kpkg (all
   version lower than 2.6.28-1-* does this).

/Teddy Hogeborn

- -- 
The Mandos Project
http://www.fukt.bsnet.se/mandos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFKD5CdOWBmT5XqI90RAp8VAJ0SHxvygAZ/OvOZVz09Sg/mQHq0EgCgy1a8
9RXPXYI3WuQwaWwQG1CwwQQ=
=mWPq
-----END PGP SIGNATURE-----

More information about the Mandos-Dev mailing list