Re: 2.6.3-mm1

From: Andrew Morton (akpm_at_osdl.org)
Date: 02/18/04

Next message: Chris Wedgwood: "Re: TCP: Treason uncloaked DoS ??"

Previous message: Alex Bennee: "Re: Any guides for adding new IDE chipset drivers?"
In reply to: Andi Kleen: "Re: 2.6.3-mm1"
Next in thread: Andi Kleen: "Re: 2.6.3-mm1"
Reply: Andi Kleen: "Re: 2.6.3-mm1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date:	Wed, 18 Feb 2004 02:55:49 -0800
To: Andi Kleen <ak@suse.de>

Andi Kleen <ak@suse.de> wrote:
>
> Andrew Morton <akpm@osdl.org> writes:
>
> > ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.3/2.6.3-mm1/
> >
> > - Added the dm-crypt driver: a crypto layer for device-mapper.
> >
> > People need to test and use this please. There is documentation at
> > http://www.saout.de/misc/dm-crypt/.
> >
> > We should get this tested and merged up. We can then remove the nasty
> > bio remapping code from the loop driver. This will remove the current
> > ordering guarantees which the loop driver provides for journalled
> > filesystems. ie: ext3 on cryptoloop will no longer be crash-proof.
> >
> > After that we should remove cryptoloop altogether.
> >
> > It's a bit late but cyptoloop hasn't been there for long anyway and it
> > doesn't even work right with highmem systems (that part is fixed in -mm).
>
> Is it guaranteed that this thing will be disk format compatible to cryptoloop?
> (mainly in IVs and crypto algorithms)

Allegedly. Of course, doing this will simply retain crypto-loop's security
weaknesses.

> While 2.3 and 2.4 have broken the on disk format of crypto loop several
> times (each time to a new "improved and ultimately perfect format")
> I don't think that's acceptable for a mature OS anymore.

Well I guess people are free to do that sort of thing with out-of-kernel
patches.

One question which needs to be adressed is whether dm-crypt adequately
addresses crypto-loop's security weaknesses, and if so, how one should set
it up to do so.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chris Wedgwood: "Re: TCP: Treason uncloaked DoS ??"

Previous message: Alex Bennee: "Re: Any guides for adding new IDE chipset drivers?"
In reply to: Andi Kleen: "Re: 2.6.3-mm1"
Next in thread: Andi Kleen: "Re: 2.6.3-mm1"
Reply: Andi Kleen: "Re: 2.6.3-mm1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages

Re: 2.6.3-mm1
... AFAIK the two big security weaknesses in most version of cryptoloop are: ... Supporting metadata can be quite simple - e.g. a standard header on the first blocks that ... send the line "unsubscribe linux-kernel" in ...
(Linux-Kernel)
Re: 2.6.3-mm1
... > bio remapping code from the loop driver. ... Is it guaranteed that this thing will be disk format compatible to cryptoloop? ... send the line "unsubscribe linux-kernel" in ...
(Linux-Kernel)
Re: [PATCH] Delete cryptoloop
... OK - if nobody complains convincingly we'll drop cryptoloop out of 2.6.9. ... > reportedly has mutliple security weaknesses. ... Doesn't dm-crypt have the same security weaknesses? ... send the line "unsubscribe linux-kernel" in ...
(Linux-Kernel)
Re: crypto-loop + highmen -> random crashes in -test11
... Soeren Sonnenburg wrote: ... | I get random crashes/corruption/ init kills when I use cryptoloop on ... To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/ ...
(Linux-Kernel)
loop driver, device-mapper and crypto
... kernel with block device backing. ... In 2.6 we have a device-mapper which does such things in a much more ... and cryptoloop ... and would be happier if the loop driver was used for files only. ...
(Linux-Kernel)