Re: FreeBSD Security Advisory FreeBSD-SA-23:01.geli
Date: Wed, 08 Feb 2023 19:41:55 UTC
On Wed, Feb 08, 2023 at 07:08:33PM +0000, FreeBSD Security Advisories wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > ============================================================================= > FreeBSD-SA-23:01.geli Security Advisory > The FreeBSD Project > > Topic: GELI silently omits the keyfile if read from stdin > > Category: core > Module: geli > Announced: 2023-02-08 > Credits: Nathan Dorfman <ndorf@rtfm.net> > Affects: All supported versions of FreeBSD. > Corrected: 2023-02-08 18:03:19 UTC (stable/13, 13.1-STABLE) > 2023-02-08 18:06:31 UTC (releng/13.1, 13.1-RELEASE-p6) > 2023-02-08 18:05:45 UTC (stable/12, 12.4-STABLE) > 2023-02-08 18:30:27 UTC (releng/12.4, 12.4-RELEASE-p1) > 2023-02-08 18:28:31 UTC (releng/12.3, 12.3-RELEASE-p11) > CVE Name: CVE-2023-0751 > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit <URL:https://security.FreeBSD.org/>. > > I. Background > > GELI is a block device-layer disk encryption utility. It uses a random > master key to perform symmetric cryptography on sectors. The master key is > encrypted using a user key, which might consist of up to two components: a > user passphrase and a key file. The key file might be read from a file or a > standard input. GELI also allows to initialization of multiple devices with > a single command. > > II. Problem Description > > When GELI reads a key file from a standard input, it doesn't store it > anywhere. If the user tries to initialize multiple providers at once, for > the second and subsequent devices the standard input stream will be already > empty. In this case, GELI silently uses a NULL key as the user key file. If > the user used only a key file without a user passphrase, the master key was > encrypted with an empty key file. This might not be noticed if the devices > were also decrypted in a batch operation. > > III. Impact > > Some GELI providers might be silently encrypted with a NULL key file. bsdinstall has a nifty option for using geli to encrypt your ZFS root pool (usually named zroot). Are ZFS pools created by bsdinstall impacted? Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc