FS#49683 : [linux-grsec] Ext formatting in truecrzpt does not work

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#49683 - [linux-grsec] Ext formatting in truecrzpt does not work

Attached to Project: Community Packages
Opened by fred (fred908) - Sunday, 12 June 2016, 11:53 GMT
Last edited by Daniel Micay (thestinger) - Tuesday, 13 December 2016, 00:08 GMT

Task Type	Bug Report
Category	Packages
Status	Closed
Assigned To	Daniel Micay (thestinger)
Architecture	All
Severity	Low
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	1 Emmanuel (fludardes) (2016-08-14)
Private	No

Details

Description:

When creating or opening a container formatted with ext(2/3/4) truecrypt returns the following error:

ParameterIncorrect at TrueCrypt::StringConverter::ToUInt32:248

This onlz happens withn the grsec kernel. No issues with the default arch kernel

Additional info:
* package version(s)
truecrypt 1:7.1a-4
kernel: 4.5.7.201606080852-2-grsec

Steps to reproduce:

Open or create a container using ext as filesystem while unsing a grsec kernel

This task depends upon

Closed by Daniel Micay (thestinger)
Tuesday, 13 December 2016, 00:08 GMT
Reason for closing: Won't fix
Additional comments about closing: Not going to be changing the format of the version string for this. Get them to fix their parsing upstream. It shouldn't break due to additional versioning added as a suffix. Changing this could easily break some other broken program instead.

Comments (12)
Related Tasks (0/0)

Comment by Levente Polyak (anthraxx) - Sunday, 12 June 2016, 13:28 GMT

not sure of this can be configured within grsec, but VeraCrypt has the same issue with the same message (most of both shares the same source).
Maybe would be better to write a bugreport at the VeraCrypt bug tracker?

Comment by fred (fred908) - Sunday, 12 June 2016, 14:06 GMT

Already reported the bug for Truecrypt before I found out it was related to grsec, but I doubt that thez will fix a issue that only happens with grsec.
Should the issue not be related to some sort of memory protection mechanism that can be solveld by creating some sort of rule for grsec?

Comment by Daniel Micay (thestinger) - Monday, 13 June 2016, 02:13 GMT

Is there any information in dmesg about the error, and does turning on PaX soft mode bypass the problem?

Comment by fred (fred908) - Monday, 13 June 2016, 22:26 GMT

There is no information about it in dmesg and turning on soft mode did not change anything either.

Comment by Daniel Micay (thestinger) - Tuesday, 14 June 2016, 03:35 GMT

There is nothing about the fuse module not being autoloaded?

Comment by fred (fred908) - Wednesday, 15 June 2016, 13:17 GMT

Journalctl output without grsecurity kernel:

device-mapper: uevent: version 1.0.3
device-mapper: ioctl: 4.34.0-ioctl (2015-10-28) initialised: dm-devel@redhat.com
loop: module loaded

Journalctl output with grsecurity kernel:

kernel: fuse init (API version 7.24)
systemd[1]: Mounting FUSE Control File System...
systemd[1]: Mounted FUSE Control File System.

Both outputs are triggered by creating a new container with ext4 filesystem

Comment by Daniel Micay (thestinger) - Wednesday, 15 June 2016, 20:35 GMT

fuse won't autoload when an unprivileged user tries to use it with linux-grsec due to MODHARDEN, you need to add it to /etc/modules.d, that's probably the problem. There will be a line in your log saying the autoload was denied by grsec.

Comment by fred (fred908) - Friday, 17 June 2016, 14:16 GMT

Didn't solve the issue. Also I could not find any message about fuse being denied by grsec.

Comment by fred (fred908) - Sunday, 19 June 2016, 14:16 GMT

I reproduced the issue on another system. This time I could find messages about grsec refusing fuse auto load and solved it by adding it to /etc/modules-load.d/
Howeven even with fuse working the issue still remains.
Also even running truecrzpt as root does not solve the issue.

Note: when formatting the volume with fat32 (which is working fine), truecrypt does not ask for administrator privileges while that is the case with ext2/3/4

Comment by Daniel Micay (thestinger) - Monday, 20 June 2016, 03:03 GMT

So are there other error messages in dmesg? Maybe it needs more modules loaded.

Comment by fred (fred908) - Monday, 20 June 2016, 15:30 GMT

Did not find any other messages about denied modules

Comment by M.A. (vde79363) - Monday, 12 December 2016, 23:58 GMT

I just had the same issue so I looked into it and posted my solution to VeraCrypt (and TrueCrypt) here: https://veracrypt.codeplex.com/workitem/352
Changing the kernel version returned by uname -r to something like 4.8.14_201612110933-1 seems to work too.

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

Community Packages

FS#49683 - [linux-grsec] Ext formatting in truecrzpt does not work

Details

Loading...