Re: Commit 8df9d1a4 breaks GnuPG in initrd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, 15 Nov 2010, Karl-Johan Karlsson wrote:
> Hi,
> 
> (Please Cc: me since I'm not subscribed to linux-fsdevel)
> 
> My initrd, which worked in 2.6.35, is broken in 2.6.36. I bisected it to this 
> commit:
> 
>    commit 8df9d1a4142311c084ffeeacb67cd34d190eff74
>    Author: Miklos Szeredi <mszeredi@xxxxxxx>
>    Date:   Tue Aug 10 11:41:41 2010 +0200
> 
>        vfs: show unreachable paths in getcwd and proc
> 
>        Prepend "(unreachable)" to path strings if the path is not reachable
>        from the current root.
> 
> My root partition is encrypted with dm-crypt, and the key is encrypted with a 
> passphrase using GnuPG and stored in the initrd. To set this up, the initrd 
> does:
> 
>    gpg --quiet -d /boot/root-key.gpg | cryptsetup -h plain -c aes-xts-plain \
>    -s 512 create cryptroot /dev/sda3
> 
> To read the passphrase, gpg spawns pinentry-curses and configures it using 
> text commands on stdin. Since the above commit, this breaks when setting the 
> TTY from which to read the passphrase:
> 
> [pid  1129] readlink("/proc/self/fd/0", "(unreachable)/dev/console"..., 4095) 
> = 25
> [pid  1129] write(7, "OPTION ttyname=(unreachable)/dev/console", 40 
> <unfinished ...>
> [pid  1132] <... read resumed> "OPTION ttyname=(unreachable)/dev/console", 
> 1002) = 40
> [pid  1132] open("(unreachable)/dev/console", O_RDONLY) = -1 ENOENT (No such 
> file or directory)

Blindly trusting readlink on a /proc/*/fd/ file to yield a valid
absolute path has always been wrong.

That readlink comes from a ttyname(3) call, I suppose.  A fix to
ttyname() has already been added to glibc git:

  0e516e0e  Verify in ttyname() that the symlink is valid.

> 
> I suppose the real bug is that /dev/console is considered unreachable, when 
> (according to strace) no process has done chroot() and the initrd has a 
> functioning /dev/console:
> 
>    crw-r--r-- 1 root root 5, 1  1 jul  2007 dev/console

What filesystem is this on?  The original console fd comes from
rootfs, and initrd probably already did a pivot_root().

Thanks,
Miklos
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]
  Powered by Linux