Re: About CVE-2016-4484: - Cryptsetup Initrd root Shell

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





Am 16.11.2016 um 01:08 schrieb Jonas Meurer:
Hi list,

Am 16.11.2016 um 00:52 schrieb Arno Wagner:
On Wed, Nov 16, 2016 at 00:28:50 CET, Sven Eschenberg wrote:
[...]
The CVE however assumed, that you can not simply access the internal
parts of the machine. Still, more fuzz than substance in that CVE,
if you ask me.

My take also. Probably some ego-boosting going on
somewhere in this affair. The whole set-up seems
contrieved to me and not of general applicability
enough to make this a CVE or even a real defect.

At best, I see a mild violation of the "Principle of
least surprise". Anybody that really needs the
"security" the fix provides has far bigger problems.

I agree that the whole issue is slightly overexaggerated and there's a
lot of clickbaiting going on in the news about it. [1]

Still I agree with the reporters that there are special scenarios where
the discovered flaw can be considered as vulnerability: For setups where
the attacker has physical access to keyboard but not to the computer and
both BIOS and bootloader are locked.

This is a very special setup but I can imagine that it exists at public
computers like in libraries, universities, bars, ...

If the adversary does not care about angry looks and the like he/she can always access more than just the keyboard. Nothing a set of battery powered tools can't fix ;-). SCNR.


While I don't agree on the way this issue was handled and I'm not
convinced that it deserves a CVE, I agree that we (as the distribution
developers/maintainers) should fix it in some way.

At the moment I'm inclined to suggest to propose a change to
initramfs-tools which disables the dropping to emergency shell per
default and reboots/freezes instead. Dropping to emergency shell in case
of an error during initramfs could be activated manually through a boot
parameter.

I personally would prefer an authenticated root-shell as I said before. But that's probably a matter of taste. If parsing of the root parameter fails somehow, you'll certainly have a hard time finding out, what is going on. A secured root-shell seems a little more robust to me.


Cheers,
 jonas

[1] an extreme example is the headline "Major Linux security hole found
in Cryptsetup script for LUKS disk encryption", found here:
http://betanews.com/2016/11/15/linux-security-bug-cryptsetup-luks/


There's a whole bunch of headlines among these lines. I've read that cryptsetup has a vulnerability exposing a root-shell on an encrypted system. Not quite so.

Reagards

-Sven
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt



[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux