Driver allows writing to arbitrary devices

[t-d-k]

This is similar to #38, in that it has the same symptoms, but a different cause and fix. The driver allows a caller to open any device as an encrypted drive, with no checks on the headers, after that any data can be read or written. Although this data is encrypted and decrypted as it is accessed, the caller has access to all keys, including master keys and the salt in the header so can reverse this process to arbitrarily read and write to anywhere on disc. So a malware app can:

• Open a device, say C:, as a volume (say Z:).
• Read from Z:\ and encrypt that data to get the plaintext stored on C:.
• Decrypt some plaintext and write to Z: to overwrite plaintext on C:.

This bypasses Windows file-system access restrictions.

In short this allows a malware app on a PC where LC is installed to read and write arbitrarily anywhere on any physical device, without admin rights.

There are different solutions for the different container types:

• For FreeOTFE and LUKS volumes, which have distinctive headers, the driver should check the header and refuse to open the volume if it isn't valid (currently this is done in the GUI only).
• For plain dm-crypt, its more complicated, because dm-crypt has no header - in this case the driver should only allow opening if it's an inner container, and completely within the outer container. If the user has admin access, it can allow opening of an outer container.