On Wed, 16 Nov 2016 14:48:27 Arno Wagner <arno@xxxxxxxxxxx> wrote: > On Wed, Nov 16, 2016 at 08:32:12 CET, Milan Broz wrote: > > On 11/16/2016 02:15 AM, Sven Eschenberg wrote: > > ... > > > > > > There's a whole bunch of headlines among these lines. I've read > > > that cryptsetup has a vulnerability exposing a root-shell on an > > > encrypted system. Not quite so. > > > > Yes, this is the real "contribution" of reporting a bug with > > (possibly even unrelated) project name in headlines. > > > > But seems users themselves correct some stupid article comments, > > thanks for it! ;-) > > > > Sometimes I wish security is less theater and more responsibility... > > (This bug cost me hours of explanation that upstream has nothing to > > fix and that in fact the cryptsetup/LUKS worked as designed.) > > Tell me about it. I have these discussions regularly as a > security consultant, simply because a lack of understanding > on customer side and attribution of errors by keyword-matching > instead. > > I think I will add a new section to the FAQ dealing with initrd > issues. > Contens: > 1) No, the initrd is _not_ part of cryptsetup, it is your > distro that screwed up if it is broken or insecure. > 2) If you depend on the initrd doing something seucrely, > roll your own and lock that down. > 3) (Maybe an example...) > > Regards, > Arno > Personally, I've know about this for years (because I could not remember my password one day), and I thought it was helpful to be able to drop to a shell when cryptsetup does not return 0. Great debugging aide if you wrote something wrong in the intrid. Besides, if I was truly an evil attacker with physical access, surly I could come up with a better attack then this one (Change out the cpu/CMOS/BIOS with an evil one! No more TPE! No more Intel TxT! No more *secure* hardware crypto devices! Etc.!!!). Sincerely, David _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
