Re: FreeBSD Security Advisory FreeBSD-SA-23:01.geli

In reply to: Shawn Webb : "Re: FreeBSD Security Advisory FreeBSD-SA-23:01.geli"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Mariusz Zaborski <oshogbo_at_freebsd.org>
Date: Wed, 08 Feb 2023 19:52:52 UTC
No, each disk is encrypted/initialized separately:
https://cgit.freebsd.org/src/tree/usr.sbin/bsdinstall/scripts/zfsboot#n1275

On Wed, 8 Feb 2023 at 20:42, Shawn Webb <shawn.webb@hardenedbsd.org> wrote:

> On Wed, Feb 08, 2023 at 07:08:33PM +0000, FreeBSD Security Advisories
> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA512
> >
> >
> =============================================================================
> > FreeBSD-SA-23:01.geli                                       Security
> Advisory
> >                                                           The FreeBSD
> Project
> >
> > Topic:          GELI silently omits the keyfile if read from stdin
> >
> > Category:       core
> > Module:         geli
> > Announced:      2023-02-08
> > Credits:        Nathan Dorfman <ndorf@rtfm.net>
> > Affects:        All supported versions of FreeBSD.
> > Corrected:      2023-02-08 18:03:19 UTC (stable/13, 13.1-STABLE)
> >                 2023-02-08 18:06:31 UTC (releng/13.1, 13.1-RELEASE-p6)
> >                 2023-02-08 18:05:45 UTC (stable/12, 12.4-STABLE)
> >                 2023-02-08 18:30:27 UTC (releng/12.4, 12.4-RELEASE-p1)
> >                 2023-02-08 18:28:31 UTC (releng/12.3, 12.3-RELEASE-p11)
> > CVE Name:       CVE-2023-0751
> >
> > For general information regarding FreeBSD Security Advisories,
> > including descriptions of the fields above, security branches, and the
> > following sections, please visit <URL:https://security.FreeBSD.org/>.
> >
> > I.   Background
> >
> > GELI is a block device-layer disk encryption utility.  It uses a random
> > master key to perform symmetric cryptography on sectors.  The master key
> is
> > encrypted using a user key, which might consist of up to two components:
> a
> > user passphrase and a key file.  The key file might be read from a file
> or a
> > standard input.  GELI also allows to initialization of multiple devices
> with
> > a single command.
> >
> > II.  Problem Description
> >
> > When GELI reads a key file from a standard input, it doesn't store it
> > anywhere.  If the user tries to initialize multiple providers at once,
> for
> > the second and subsequent devices the standard input stream will be
> already
> > empty.  In this case, GELI silently uses a NULL key as the user key
> file.  If
> > the user used only a key file without a user passphrase, the master key
> was
> > encrypted with an empty key file.  This might not be noticed if the
> devices
> > were also decrypted in a batch operation.
> >
> > III. Impact
> >
> > Some GELI providers might be silently encrypted with a NULL key file.
>
> bsdinstall has a nifty option for using geli to encrypt your ZFS root
> pool (usually named zroot). Are ZFS pools created by bsdinstall
> impacted?
>
> Thanks,
>
> --
> Shawn Webb
> Cofounder / Security Engineer
> HardenedBSD
>
>
> https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
>