An old Linux security 'feature' script, which activates LUKS disk encryption, has been hiding a major security hole in plain sight.

Emotional, Burning, Unlimited Tuned Laboratory


Sometimes Linux users can be smug about their system’s security. And sometimes a major hole that’s been hiding in Linux since about version 2.6 opens up and in you fall.

The security hole this time is with how almost all Linux distributions implement Linux Unified Key Setup-on-disk-format (LUKS). LUKS is the standard mechanism for implementing Linux hard disk encryption. LUKS is often put into action with Cryptsetup. It’s in Cryptsetup default configuration file that the problem lies and it’s a nasty one. Known Linux distributions with this bug include Debian, Ubuntu, Fedora, Red Hat Enterpise Linux (RHEL), and SUSE Linux Enterprise Server (SLES)…