Comments (9)
Someone smarter than me pointed out that this is most likely due to this function:

    func NewKeyFromCString(str unsafe.Pointer) (*Key, error) {
        size := C.strlen((*C.char)(str))
        key, err := NewBlankKey(int(size))
        if err != nil {
            return nil, err
        }
        C.memcpy(util.Ptr(key.data), str, size)
        return key, nil
    }

If the other end that provides the pointer did not properly null terminate the string, strlen will return a size only relative to the first occurrence of binary 0 in the random memory layout after the pointer.
Then it will reserve that size and copy whatever it can access by that pointer.
Why it takes long at my side just to hit a random 0 is another thing that puzzles me. Looks like other users are luckier with this.
However, I'd suggest to use strnlen instead, ensuring that size can only be a maximum of whatever seems reasonable, probably a few kb.
I acknowledge that the bug at my system is not pam_fscrypt's fault alone. Something on the other end must be putting a malformed string. Nevertheless using plain strlen here is a risk, that can be easily avoided.
from fscrypt.
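The bounded-length copy suggested in the comment above, sketched in C as an added example (not code from fscrypt or from any commenter): it rejects input that has no terminator inside the bound instead of truncating it. The names key_buf, key_from_cstring and key_wipe and the 512-byte MAX_AUTHTOK_LEN are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed upper bound for an accepted token (hypothetical constant). */
#define MAX_AUTHTOK_LEN 512

struct key_buf {
    unsigned char *data;
    size_t len;
};

/*
 * Copy a C string into a fresh buffer while reading at most max_len + 1
 * bytes from str. Returns 0 on success, -EINVAL for bad arguments,
 * -E2BIG when no NUL is found within the bound, -ENOMEM on allocation failure.
 */
int key_from_cstring(const char *str, size_t max_len, struct key_buf *out)
{
    if (str == NULL || out == NULL || max_len == SIZE_MAX)
        return -EINVAL;
    out->data = NULL;
    out->len = 0;

    /* strnlen stops at the bound; a result of max_len + 1 means "no NUL seen". */
    size_t n = strnlen(str, max_len + 1);
    if (n > max_len)
        return -E2BIG;

    out->data = calloc(n ? n : 1, 1);
    if (out->data == NULL)
        return -ENOMEM;
    memcpy(out->data, str, n);
    out->len = n;
    return 0;
}

/* Zero the buffer through a volatile pointer, then release it. */
void key_wipe(struct key_buf *k)
{
    if (k == NULL || k->data == NULL)
        return;
    volatile unsigned char *p = k->data;
    for (size_t i = 0; i < k->len; i++)
        p[i] = 0;
    free(k->data);
    k->data = NULL;
    k->len = 0;
}

int main(void)
{
    struct key_buf k;
    char raw[16];                      /* constructed input with no terminator */
    memset(raw, 'A', sizeof raw);

    printf("terminated:   %d\n", key_from_cstring("hunter2", MAX_AUTHTOK_LEN, &k));
    key_wipe(&k);
    printf("unterminated: %d\n", key_from_cstring(raw, 8, &k));
    return 0;
}
```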
Ya it looks like we are hitting an error here:
Line 112 in 2bf4521
My guess is that we are being passed a malformed (or weirdly long) AUTHTOK. In Authenticate, we call SetSecret here:
fscrypt/pam_fscrypt/pam_fscrypt.go
Line 104 in 2bf4521
which then locks the memory here:
Line 98 in 2bf4521
but note that we don't check the error code.
Then, in OpenSession, we copy this locked memory into a new locked memory buffer inside of a key (and we do this for every policy protected by the user's login protector):
fscrypt/pam_fscrypt/pam_fscrypt.go
Line 228 in 2bf4521
So I think to address these issues we should:
- Limit the sizes of AUTHTOK we accept to be less than PAM_MAX_RESP_SIZE, see rra/pam-krb5#13 for a similar issue.
- Avoid locking AUTHTOK in memory multiple times
- See if we should store the AUTHTOK somewhere other than the module's internal data via pam_set_data
- See if we should limit the length of keys overall to be at most a page size (say 4096)
We could also just stop manually locking things in memory inside of our PAM module. It does seem like locking buffers in memory has caused more issues than it's solved.
from fscrypt.
libpam treats PAM_AUTHTOK as a null-terminated string internally, e.g. when pam_set_item() is called. The manual page for pam_set_item() says that it must be null-terminated. It would be very strange to have it be longer than 961MiB. So I'm wondering if something else is actually going on. Can you first verify that pam_fscrypt is indeed requesting to lock a super large length? For example use this patch:
diff --git a/crypto/key.go b/crypto/key.go
index 2e57443..f63ee58 100644
--- a/crypto/key.go
+++ b/crypto/key.go
@@ -101,6 +101,8 @@ func NewBlankKey(length int) (*Key, error) {
return nil, errors.Errorf("requested key length %d is negative", length)
}
+ log.Printf("NewBlankKey called with length %d", length)
+
flags := keyMmapFlags
if UseMlock {
flags |= unix.MAP_LOCKED
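Review bot: the `log.Printf` added ahead of `flags := keyMmapFlags` runs on every NewBlankKey call and writes the length of each key buffer to the log; when the buffer is about to hold a passphrase, that length is the passphrase length, so keep this line to a local debugging build or gate it behind a debug switch rather than merging it. It also sits after the negative-length check, so a negative request never reaches it and is visible only through the returned error; move it above that check if the goal is to see every requested length.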
from fscrypt.
Thanks for getting back to this so fast.
I have to confess, I didn't compile go for a while now. I guess I'd also need a few dev-dependencies to get my own pam_fscrypt version compiled for debugging.
I have no time for that extra mile atm., but I will look into that at the weekend.
from fscrypt.
This got a little messy.
I applied the patch, which led to a situation where I could not log in, because my greeter froze as soon as I entered the password and tipped unlock.
Fortunately I could log in via ssh and after that also use the greeter on the tablet. This probably just changed some mem layout circumventing the bug - at least I have no better idea.
I was able to retrieve some logs:
Mär 01 23:59:46 juno kernel: Key type .fscrypt registered
Mär 01 23:59:46 juno kernel: Key type fscrypt-provisioning registered
Mär 01 23:59:49 juno pam_fscrypt[909]: OpenSession(map[debug:true]) starting
Mär 01 23:59:49 juno pam_fscrypt[909]: invoked for system user "_greetd" (105), doing nothing
Mär 01 23:59:49 juno pam_fscrypt[909]: OpenSession(map[debug:true]) succeeded
Mär 02 00:01:05 juno pam_fscrypt[1419]: OpenSession(map[debug:true]) starting
Mär 02 00:01:05 juno pam_fscrypt[1419]: Session count for UID=1000 updated to 1
Mär 02 00:01:05 juno pam_fscrypt[1419]: Current privs (real, effective): uid=(0,0) gid=(0,0) groups=[]
Mär 02 00:01:05 juno pam_fscrypt[1419]: Setting euid=1000 egid=1000 groups=[1000 20 27 29 44 46 100 101 104 108 119 995]
Mär 02 00:01:05 juno pam_fscrypt[1419]: Current privs (real, effective): uid=(0,1000) gid=(0,1000) groups=[20 27 29 44 46 100 101 104 108 119 995 1000]
Mär 02 00:01:05 juno pam_fscrypt[1419]: Reading config from "/etc/fscrypt.conf"
Mär 02 00:01:05 juno pam_fscrypt[1419]: creating context for user "exo"
Mär 02 00:01:05 juno pam_fscrypt[1419]: stat /sys/kernel/debug/tracing: permission denied
Mär 02 00:01:05 juno pam_fscrypt[1419]: ignoring mountpoint "/sys/kernel/debug/tracing" because it is not a directory
Mär 02 00:01:05 juno pam_fscrypt[1419]: stat /run/user/105/gvfs: permission denied
Mär 02 00:01:05 juno pam_fscrypt[1419]: ignoring mountpoint "/run/user/105/gvfs" because it is not a directory
Mär 02 00:01:05 juno pam_fscrypt[1419]: found ext4 filesystem "/" (/dev/sda3)
Mär 02 00:01:05 juno pam_fscrypt[1419]: listing protectors in "/.fscrypt/protectors"
Mär 02 00:01:05 juno pam_fscrypt[1419]: found 1 protectors
Mär 02 00:01:05 juno pam_fscrypt[1419]: successfully read metadata from "/.fscrypt/protectors/737a0be29d62e6c0"
Mär 02 00:01:05 juno pam_fscrypt[1419]: Getting protector 737a0be29d62e6c0 from option
Mär 02 00:01:05 juno pam_fscrypt[1419]: successfully read metadata from "/.fscrypt/protectors/737a0be29d62e6c0"
Mär 02 00:01:05 juno pam_fscrypt[1419]: listing policies in "/.fscrypt/policies"
Mär 02 00:01:05 juno pam_fscrypt[1419]: found 0 policies
Mär 02 00:01:05 juno pam_fscrypt[1419]: following protector link /data/.fscrypt/protectors/737a0be29d62e6c0.link
Mär 02 00:01:05 juno pam_fscrypt[1419]: resolved filesystem link using UUID "9fd450df-ba4e-41a0-9051-c3991b162928"
Mär 02 00:01:05 juno pam_fscrypt[1419]: successfully read metadata from "/.fscrypt/protectors/737a0be29d62e6c0"
Mär 02 00:01:05 juno pam_fscrypt[1419]: listing policies in "/data/.fscrypt/policies"
Mär 02 00:01:05 juno pam_fscrypt[1419]: found 1 policies
Mär 02 00:01:05 juno pam_fscrypt[1419]: successfully read metadata from "/data/.fscrypt/policies/fcbfd26b9703ff8d6b7603168098d6e1"
Mär 02 00:01:05 juno pam_fscrypt[1419]: got data for fcbfd26b9703ff8d6b7603168098d6e1 from "/data"
Mär 02 00:01:05 juno pam_fscrypt[1419]: Detected support for filesystem keyring
Mär 02 00:01:05 juno pam_fscrypt[1419]: FS_IOC_GET_ENCRYPTION_KEY_STATUS("/data", fcbfd26b9703ff8d6b7603168098d6e1) = errno 0, status=1, status_flags=0x0
Mär 02 00:01:05 juno pam_fscrypt[1419]: unlocking 1 policies protected with AUTHTOK
Mär 02 00:01:05 juno pam_fscrypt[1419]: Setting euid=0 egid=0 groups=[]
Mär 02 00:01:05 juno pam_fscrypt[1419]: Current privs (real, effective): uid=(0,0) gid=(0,0) groups=[]
Mär 02 00:01:05 juno pam_fscrypt[1419]: OpenSession(map[debug:true]) failed: unlocking protector 737a0be29d62e6c0: AUTHTOK data missing: No module specific data is present
Mär 02 00:01:27 juno pam_fscrypt[909]: CloseSession(map[debug:true]) starting
Mär 02 00:01:27 juno pam_fscrypt[909]: invoked for system user "_greetd" (105), doing nothing
Mär 02 00:01:27 juno pam_fscrypt[909]: CloseSession(map[debug:true]) succeeded
Mär 02 00:01:27 juno pam_fscrypt[1518]: OpenSession(map[debug:true]) starting
Mär 02 00:01:27 juno pam_fscrypt[1518]: Session count for UID=1000 updated to 2
Mär 02 00:01:27 juno pam_fscrypt[1518]: Current privs (real, effective): uid=(0,0) gid=(0,0) groups=[]
Mär 02 00:01:27 juno pam_fscrypt[1518]: Setting euid=1000 egid=1000 groups=[1000 20 27 29 44 46 100 101 104 108 119 995]
Mär 02 00:01:27 juno pam_fscrypt[1518]: Current privs (real, effective): uid=(0,1000) gid=(0,1000) groups=[20 27 29 44 46 100 101 104 108 119 995 1000]
Mär 02 00:01:27 juno pam_fscrypt[1518]: Reading config from "/etc/fscrypt.conf"
Mär 02 00:01:27 juno pam_fscrypt[1518]: creating context for user "exo"
Mär 02 00:01:27 juno pam_fscrypt[1518]: found ext4 filesystem "/" (/dev/sda3)
Mär 02 00:01:27 juno pam_fscrypt[1518]: listing protectors in "/.fscrypt/protectors"
Mär 02 00:01:27 juno pam_fscrypt[1518]: found 1 protectors
Mär 02 00:01:27 juno pam_fscrypt[1518]: successfully read metadata from "/.fscrypt/protectors/737a0be29d62e6c0"
Mär 02 00:01:27 juno pam_fscrypt[1518]: Getting protector 737a0be29d62e6c0 from option
Mär 02 00:01:27 juno pam_fscrypt[1518]: successfully read metadata from "/.fscrypt/protectors/737a0be29d62e6c0"
Mär 02 00:01:27 juno pam_fscrypt[1518]: listing policies in "/.fscrypt/policies"
Mär 02 00:01:27 juno pam_fscrypt[1518]: found 0 policies
Mär 02 00:01:27 juno pam_fscrypt[1518]: following protector link /data/.fscrypt/protectors/737a0be29d62e6c0.link
Mär 02 00:01:27 juno pam_fscrypt[1518]: resolved filesystem link using UUID "9fd450df-ba4e-41a0-9051-c3991b162928"
Mär 02 00:01:27 juno pam_fscrypt[1518]: successfully read metadata from "/.fscrypt/protectors/737a0be29d62e6c0"
Mär 02 00:01:27 juno pam_fscrypt[1518]: listing policies in "/data/.fscrypt/policies"
Mär 02 00:01:27 juno pam_fscrypt[1518]: found 1 policies
Mär 02 00:01:27 juno pam_fscrypt[1518]: successfully read metadata from "/data/.fscrypt/policies/fcbfd26b9703ff8d6b7603168098d6e1"
Mär 02 00:01:27 juno pam_fscrypt[1518]: got data for fcbfd26b9703ff8d6b7603168098d6e1 from "/data"
Mär 02 00:01:27 juno pam_fscrypt[1518]: Detected support for filesystem keyring
Mär 02 00:01:27 juno pam_fscrypt[1518]: FS_IOC_GET_ENCRYPTION_KEY_STATUS("/data", fcbfd26b9703ff8d6b7603168098d6e1) = errno 0, status=1, status_flags=0x0
Mär 02 00:01:27 juno pam_fscrypt[1518]: unlocking 1 policies protected with AUTHTOK
Mär 02 00:01:27 juno pam_fscrypt[1518]: NewBlankKey called with length 7
Mär 02 00:01:27 juno pam_fscrypt[1518]: running passphrase hash for protector 737a0be29d62e6c0
Mär 02 00:01:28 juno pam_fscrypt[1518]: NewBlankKey called with length 32
Mär 02 00:01:28 juno pam_fscrypt[1518]: NewBlankKey called with length 32
Mär 02 00:01:28 juno pam_fscrypt[1518]: NewBlankKey called with length 32
Mär 02 00:01:28 juno pam_fscrypt[1518]: NewBlankKey called with length 32
Mär 02 00:01:28 juno pam_fscrypt[1518]: valid wrapping key for protector 737a0be29d62e6c0
Mär 02 00:01:28 juno pam_fscrypt[1518]: NewBlankKey called with length 32
Mär 02 00:01:28 juno pam_fscrypt[1518]: NewBlankKey called with length 32
Mär 02 00:01:28 juno pam_fscrypt[1518]: NewBlankKey called with length 64
Mär 02 00:01:28 juno pam_fscrypt[1518]: NewBlankKey called with length 144
Mär 02 00:01:28 juno pam_fscrypt[1518]: FS_IOC_ADD_ENCRYPTION_KEY("/data", fcbfd26b9703ff8d6b7603168098d6e1, <raw>) = errno 0
Mär 02 00:01:28 juno pam_fscrypt[1518]: policy fcbfd26b9703ff8d6b7603168098d6e1 provisioned by exo
Mär 02 00:01:28 juno pam_fscrypt[1518]: Setting euid=0 egid=0 groups=[]
Mär 02 00:01:28 juno pam_fscrypt[1518]: Current privs (real, effective): uid=(0,0) gid=(0,0) groups=[]
Mär 02 00:01:28 juno pam_fscrypt[1518]: OpenSession(map[debug:true]) succeeded
Mär 02 00:01:30 juno kernel: fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
Mär 02 00:01:30 juno kernel: fscrypt: AES-256-XTS using implementation "xts-aes-aesni"
Note the NewBlankKey called with length … logs showing up.
I got curious and replaced the C.strlen with C.strnlen and limiting the max string length to 0x1000.
That got me nowhere because I wasn't printing the size, but I failed to copy the new pam_fscrypt.so over the existing one (which was probably still loaded by the greeter, because cp segfaulted!?).
With the now broken lib I could no longer run sudo to fix anything and after a reboot my tablet was a keyboard-less brick. No login at all, ssh dying halfway with a terminated connection.
I had to do some rescuing.
C.strnlen did not bring up the expected 4k size to show up anywhere.
In the end I rewrote func NewKeyFromCString a bit to use plain strlen again, to figure out what we really get here.

    func NewKeyFromCString(str unsafe.Pointer) (*Key, error) {
        size := C.strlen((*C.char)(str))
        log.Printf("Strlen returned %d", size)
        if size > 0x1000 {
            size = 0x1000
        }
        […]

To my surprise the strlen appears to be fine all the time.
I reverted my lock-mem unlimiting again, to see where it actually crashes. That gave me some more interesting log:
Mar 02 00:57:17 juno kernel: Key type .fscrypt registered
Mar 02 00:57:17 juno kernel: Key type fscrypt-provisioning registered
Mar 02 00:57:20 juno pam_fscrypt[915]: OpenSession(map[debug:true]) starting
Mar 02 00:57:20 juno pam_fscrypt[915]: invoked for system user "_greetd" (105), doing nothing
Mar 02 00:57:20 juno pam_fscrypt[915]: OpenSession(map[debug:true]) succeeded
Mar 02 00:57:46 juno pam_fscrypt[915]: CloseSession(map[debug:true]) starting
Mar 02 00:57:46 juno pam_fscrypt[915]: invoked for system user "_greetd" (105), doing nothing
Mar 02 00:57:46 juno pam_fscrypt[915]: CloseSession(map[debug:true]) succeeded
Mar 02 00:57:47 juno pam_fscrypt[1255]: OpenSession(map[debug:true]) starting
Mar 02 00:57:47 juno pam_fscrypt[1255]: Session count for UID=1000 updated to 1
Mar 02 00:57:47 juno pam_fscrypt[1255]: Current privs (real, effective): uid=(0,0) gid=(0,0) groups=[]
Mar 02 00:57:47 juno pam_fscrypt[1255]: Setting euid=1000 egid=1000 groups=[1000 20 27 29 44 46 100 101 104 108 119 995]
Mar 02 00:57:47 juno pam_fscrypt[1255]: Current privs (real, effective): uid=(0,1000) gid=(0,1000) groups=[20 27 29 44 46 100 101 104 108 119 995 1000]
Mar 02 00:57:47 juno pam_fscrypt[1255]: Reading config from "/etc/fscrypt.conf"
Mar 02 00:57:47 juno pam_fscrypt[1255]: creating context for user "exo"
Mar 02 00:57:47 juno pam_fscrypt[1255]: found ext4 filesystem "/" (/dev/sda3)
Mar 02 00:57:47 juno pam_fscrypt[1255]: listing protectors in "/.fscrypt/protectors"
Mar 02 00:57:47 juno pam_fscrypt[1255]: found 1 protectors
Mar 02 00:57:47 juno pam_fscrypt[1255]: successfully read metadata from "/.fscrypt/protectors/737a0be29d62e6c0"
Mar 02 00:57:47 juno pam_fscrypt[1255]: Getting protector 737a0be29d62e6c0 from option
Mar 02 00:57:47 juno pam_fscrypt[1255]: successfully read metadata from "/.fscrypt/protectors/737a0be29d62e6c0"
Mar 02 00:57:47 juno pam_fscrypt[1255]: listing policies in "/.fscrypt/policies"
Mar 02 00:57:47 juno pam_fscrypt[1255]: found 0 policies
Mar 02 00:57:47 juno pam_fscrypt[1255]: following protector link /data/.fscrypt/protectors/737a0be29d62e6c0.link
Mar 02 00:57:47 juno pam_fscrypt[1255]: resolved filesystem link using UUID "9fd450df-ba4e-41a0-9051-c3991b162928"
Mar 02 00:57:47 juno pam_fscrypt[1255]: successfully read metadata from "/.fscrypt/protectors/737a0be29d62e6c0"
Mar 02 00:57:47 juno pam_fscrypt[1255]: listing policies in "/data/.fscrypt/policies"
Mar 02 00:57:47 juno pam_fscrypt[1255]: found 1 policies
Mar 02 00:57:47 juno pam_fscrypt[1255]: successfully read metadata from "/data/.fscrypt/policies/fcbfd26b9703ff8d6b7603168098d6e1"
Mar 02 00:57:47 juno pam_fscrypt[1255]: got data for fcbfd26b9703ff8d6b7603168098d6e1 from "/data"
Mar 02 00:57:47 juno pam_fscrypt[1255]: Detected support for filesystem keyring
Mar 02 00:57:47 juno pam_fscrypt[1255]: FS_IOC_GET_ENCRYPTION_KEY_STATUS("/data", fcbfd26b9703ff8d6b7603168098d6e1) = errno 0, status=1, status_flags=0x0
Mar 02 00:57:47 juno pam_fscrypt[1255]: unlocking 1 policies protected with AUTHTOK
Mar 02 00:57:47 juno pam_fscrypt[1255]: Strlen returned 7
Mar 02 00:57:47 juno pam_fscrypt[1255]: NewBlankKey called with length 7
Mar 02 00:57:47 juno pam_fscrypt[1255]: Setting euid=0 egid=0 groups=[]
Mar 02 00:57:47 juno pam_fscrypt[1255]: Current privs (real, effective): uid=(0,0) gid=(0,0) groups=[]
Mar 02 00:57:47 juno pam_fscrypt[1255]: OpenSession(map[debug:true]) failed: unlocking protector 737a0be29d62e6c0: could not lock key in memory
Mar 02 00:58:02 juno pam_fscrypt[2002]: OpenSession(map[debug:true]) starting
Mar 02 00:58:02 juno pam_fscrypt[2002]: Session count for UID=1000 updated to 2
Mar 02 00:58:02 juno pam_fscrypt[2002]: Current privs (real, effective): uid=(0,0) gid=(0,0) groups=[]
Mar 02 00:58:02 juno pam_fscrypt[2002]: Setting euid=1000 egid=1000 groups=[1000 20 27 29 44 46 100 101 104 108 119 995]
Mar 02 00:58:02 juno pam_fscrypt[2002]: Current privs (real, effective): uid=(0,1000) gid=(0,1000) groups=[20 27 29 44 46 100 101 104 108 119 995 1000]
Mar 02 00:58:02 juno pam_fscrypt[2002]: Reading config from "/etc/fscrypt.conf"
Mar 02 00:58:02 juno pam_fscrypt[2002]: creating context for user "exo"
Mar 02 00:58:03 juno pam_fscrypt[2002]: stat /sys/kernel/debug/tracing: permission denied
Mar 02 00:58:03 juno pam_fscrypt[2002]: ignoring mountpoint "/sys/kernel/debug/tracing" because it is not a directory
Mar 02 00:58:03 juno pam_fscrypt[2002]: stat /run/user/1000/gvfs: permission denied
Mar 02 00:58:03 juno pam_fscrypt[2002]: ignoring mountpoint "/run/user/1000/gvfs" because it is not a directory
Mar 02 00:58:03 juno pam_fscrypt[2002]: found ext4 filesystem "/" (/dev/sda3)
Mar 02 00:58:03 juno pam_fscrypt[2002]: listing protectors in "/.fscrypt/protectors"
Mar 02 00:58:03 juno pam_fscrypt[2002]: found 1 protectors
Mar 02 00:58:03 juno pam_fscrypt[2002]: successfully read metadata from "/.fscrypt/protectors/737a0be29d62e6c0"
Mar 02 00:58:03 juno pam_fscrypt[2002]: Getting protector 737a0be29d62e6c0 from option
Mar 02 00:58:03 juno pam_fscrypt[2002]: successfully read metadata from "/.fscrypt/protectors/737a0be29d62e6c0"
Mar 02 00:58:03 juno pam_fscrypt[2002]: listing policies in "/.fscrypt/policies"
Mar 02 00:58:03 juno pam_fscrypt[2002]: found 0 policies
Mar 02 00:58:03 juno pam_fscrypt[2002]: following protector link /data/.fscrypt/protectors/737a0be29d62e6c0.link
Mar 02 00:58:03 juno pam_fscrypt[2002]: resolved filesystem link using UUID "9fd450df-ba4e-41a0-9051-c3991b162928"
Mar 02 00:58:03 juno pam_fscrypt[2002]: successfully read metadata from "/.fscrypt/protectors/737a0be29d62e6c0"
Mar 02 00:58:03 juno pam_fscrypt[2002]: listing policies in "/data/.fscrypt/policies"
Mar 02 00:58:03 juno pam_fscrypt[2002]: found 1 policies
Mar 02 00:58:03 juno pam_fscrypt[2002]: successfully read metadata from "/data/.fscrypt/policies/fcbfd26b9703ff8d6b7603168098d6e1"
Mar 02 00:58:03 juno pam_fscrypt[2002]: got data for fcbfd26b9703ff8d6b7603168098d6e1 from "/data"
Mar 02 00:58:03 juno pam_fscrypt[2002]: Detected support for filesystem keyring
Mar 02 00:58:03 juno pam_fscrypt[2002]: FS_IOC_GET_ENCRYPTION_KEY_STATUS("/data", fcbfd26b9703ff8d6b7603168098d6e1) = errno 0, status=1, status_flags=0x0
Mar 02 00:58:03 juno pam_fscrypt[2002]: unlocking 1 policies protected with AUTHTOK
Mar 02 00:58:03 juno pam_fscrypt[2002]: Setting euid=0 egid=0 groups=[]
Mar 02 00:58:03 juno pam_fscrypt[2002]: Current privs (real, effective): uid=(0,0) gid=(0,0) groups=[]
Mar 02 00:58:03 juno pam_fscrypt[2002]: OpenSession(map[debug:true]) failed: unlocking protector 737a0be29d62e6c0: AUTHTOK data missing: No module specific data is present
Looks like neither NewBlankKey nor NewKeyFromCString do something wrong here.
The excessive mem locking must happen elsewhere.
I hope this helps a bit. My guesses have been proven wrong.
from fscrypt.
Just out of curiosity I replaced the unix package with the internal syscall package, so that I could use syscall.mmap, with all variables from unix replaced by their syscall counterparts.
This crashes the whole greeter the very moment I enter a password and falls back to console. Not even my new debug statements show up at journalctl, instead I'm being left with only this line on the console:
runtime: mmap: too much locked memory (check 'utlimit -l')
It still works with unlimited lock mem though.
After having traced the string length and the mmap calls through the code like this, I no longer believe that this is a bug in pam_fscrypt at all. If so, it must in fact be the mmap implementations of go that are flawed, which I don't think is very likely.
I was mistaken by the ulimit being a per process property - but since pam_fscrypt is just a shared object, it seems plausible to me that the bug is actually something that happens in the process that loads the library.
Feel free to close this issue, I don't think there is anything that could be done about this on pam_fscrypt's side.
from fscrypt.
One last thing:
I just rebuilt with

    var UseMlock = false

to have something that works on my machine with default values, being pretty sure that the keys will never be swapped at boot time anyway.
I still get unix.EAGAIN from mmap even without the locking, unless I have at least 4GB of limit set for locked mem.
This is above my head.
from fscrypt.
I just could not stop it.
To get rid of mmap at all I wrote the following in NewBlankKey

    addr := C.calloc(C.size_t(length), 1)
    data := unsafe.Slice((*byte)(unsafe.Pointer(addr)), length)
    log.Printf("Allocated key with %d length.", len(data))
    key := &Key{data: data}

replacing the mmap allocation with a simple call to C.calloc.
(Of course I implemented the C.free counterpart for wipe.)
This again still requires max locked memory to be set to unlimited to work, but it crashes in an interesting way if normal limits are applied.
It kills my greeter with an OOM stacktrace from go.
It dies in argon2 while trying to allocate a 128MB block, which resembles my protector's metadata's memory requirements.
This is called from action.getWrappingKey -> crypto.PassphraseHash -> argon2.IDKey
This makes me wonder if for some reason all allocations here count against the maximum locked memory limit.
Something about memory management is rotten here. Without pam_fscrypt enabled my greeter has a memory footprint of 7KB.
With pam_fscrypt loaded (even with the original file from the package), it ends up with 1172MB virtual address room and an RSS of 232MB, after a successful login with folders decrypted.
This still may be some weird side-effect of using Mobian's greeter, but I can't use it like this and it appears I also can not debug it.
from fscrypt.
@ebiggers I have a new hypothesis, I wonder if some PAM configuration is causing all allocated memory to be locked, including that in the Argon2 passphrase hash. Do you think that's possible?
from fscrypt.
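One way to check the hypothesis raised in the last two comments, as an added example (not part of the thread or of fscrypt): take VmLck from /proc/<pid>/status and the soft "Max locked memory" limit from /proc/<pid>/limits for the process that loads the module, and test whether a further locked allocation of the size Argon2 asks for would still fit. The sample texts are constructed and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed samples in the layout of /proc/<pid>/status and /proc/<pid>/limits. */
static const char STATUS_PLAIN[] =
    "Name:\tgreeter\nVmSize:\t  240000 kB\nVmLck:\t      64 kB\nVmRSS:\t   12000 kB\n";
static const char STATUS_LOCKED[] =
    "Name:\tgreeter\nVmSize:\t  180000 kB\nVmLck:\t    6000 kB\nVmRSS:\t    6400 kB\n";
static const char LIMITS_8M[] =
    "Limit                     Soft Limit           Hard Limit           Units\n"
    "Max locked memory         8388608              8388608              bytes\n";
static const char LIMITS_UNLIMITED[] =
    "Max locked memory         unlimited            unlimited            bytes\n";

/* Value in kB of a "Name:  <n> kB" field in status text, or -1 if absent. */
long status_kb(const char *status, const char *name)
{
    size_t n = strlen(name);
    const char *line = status;

    while (line && *line) {
        if (strncmp(line, name, n) == 0 && line[n] == ':') {
            long kb;
            return sscanf(line + n + 1, "%ld", &kb) == 1 ? kb : -1;
        }
        line = strchr(line, '\n');
        if (line)
            line++;
    }
    return -1;
}

/* Soft "Max locked memory" limit in kB; -1 for "unlimited", -2 if missing. */
long memlock_limit_kb(const char *limits)
{
    static const char row[] = "Max locked memory";
    const char *p = strstr(limits, row);
    char soft[32];
    long long bytes;

    if (p == NULL || sscanf(p + sizeof row - 1, "%31s", soft) != 1)
        return -2;
    if (strcmp(soft, "unlimited") == 0)
        return -1;
    if (sscanf(soft, "%lld", &bytes) != 1)
        return -2;
    return (long)(bytes / 1024);
}

/* 1 if locking extra_kb more would exceed the soft limit, 0 if it fits,
 * -1 if either input lacks the needed field. */
int lock_would_fail(const char *status, const char *limits, long extra_kb)
{
    long locked = status_kb(status, "VmLck");
    long limit = memlock_limit_kb(limits);

    if (locked < 0 || limit == -2)
        return -1;
    if (limit == -1)
        return 0;
    return locked + extra_kb > limit;
}

int main(void)
{
    long argon2_kb = 128L * 1024;   /* the 128MB block mentioned in the thread */

    printf("8M limit:  %d\n", lock_would_fail(STATUS_LOCKED, LIMITS_8M, argon2_kb));
    printf("unlimited: %d\n", lock_would_fail(STATUS_LOCKED, LIMITS_UNLIMITED, argon2_kb));
    printf("small key: %d\n", lock_would_fail(STATUS_PLAIN, LIMITS_8M, 4));
    return 0;
}
```

On a live system the two inputs are the contents of those /proc files for the greeter's PID, read before and after the password is entered.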