Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

error 24 #421

Open
Cherkah opened this issue Mar 17, 2022 · 1 comment
Open

error 24 #421

Cherkah opened this issue Mar 17, 2022 · 1 comment

Comments

@Cherkah
Copy link

Cherkah commented Mar 17, 2022

Actual Behavior

i have this message:
Error 24: There was an integrity violation detected. Preventing any further access to the file system. This can either
happen if an attacker changed your files or rolled back the file system to a previous state, but it can also happen if
you rolled back the file system yourself, for example restored a backup. If you want to reset the integrity data (i.e.
accept changes made by a potential attacker), please delete the following file before re-mounting it:
/home/USER/.local/share/cryfs/filesystems/XXXXXXXXXXXXXXXX/integritydata

Question:
If i don't want to delete the ../integritydata File, i cannot get access to my file.
so how to keep the previous version an access to it?

Steps to Reproduce the Problem

  1. befor this message i had activated apparmor.service (systemd).

Specifications

  • CryFS Version: Version 0.11.2
  • Operating System (incl. Version):
    Operating System: Manjaro Linux
    KDE Plasma Version: 5.24.3
    KDE Frameworks Version: 5.91.0
    Qt Version: 5.15.3
@smessmer
Copy link
Member

smessmer commented Mar 20, 2022
edited

Hi, thanks for reaching out. Can you explain a bit about why you want to do this? It seems that somebody or something changed or rolled back (parts of) your file system to an earlier version and did so by changing the encrypted files directly, not going through the mounted cryfs process. Did you recover from a backup? In that case it would be benign. Or maybe some application on your computer decided to do that for you. Another possibility is that some attacker modified your data, that would be less benign.

You have three options:

  1. Reject the changes. Delete your file system and don't access it again. Or try to undo the rollback and find a version or backup of the file system that is the most up to date version.
  2. Accept the changes and continue using your file system. To tell CryFS that you accept the changes, you can delete the integrity file. This will reset your integrity state and the file system will work again as expected. CryFS will automatically recreate the integrity file with the current state of the file system and future rollbacks or unwanted changed to the encrypted files will still be detected and again trigger the same error.
  3. Temporarily disable integrity checks.You can mount the file system with the --allow-integrity-violations option. This will allow you temporary access to it without checking the integrity file and without trying to detect future integrity violations.

In almost all cases, option 1 or 2 are the recommended options but I don't know enough about what happened in your scenario and what security guarantees you need to really make a recommendation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@smessmer @Cherkah