From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx3.freesources.org (mx3.freesources.org [195.34.172.217]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.server123.net (Postfix) with ESMTPS for ; Wed, 16 Nov 2016 01:46:37 +0100 (CET) Received: from dslb-084-058-024-231.084.058.pools.vodafone-ip.de ([84.58.24.231] helo=[192.168.2.121]) by mx3.freesources.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from ) id 1c6nmR-0007wR-CJ for dm-crypt@saout.de; Wed, 16 Nov 2016 00:08:47 +0000 References: <2aa32b7a-8aa4-bd7a-c6f0-eaef3794e8e8@whgl.uni-frankfurt.de> <20161115231546.GN19581@yeono.kjorling.se> <10ad5d6f-faf4-e71e-d528-67054db1f4ae@whgl.uni-frankfurt.de> <20161115235254.GA13171@tansi.org> From: Jonas Meurer Message-ID: <70a8f691-e02e-c2c9-b206-0e2bc028e113@freesources.org> Date: Wed, 16 Nov 2016 01:08:31 +0100 MIME-Version: 1.0 In-Reply-To: <20161115235254.GA13171@tansi.org> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="G3hG7tbxfUIf50sEWI535FsrJT1FFPkix" Subject: Re: [dm-crypt] About CVE-2016-4484: - Cryptsetup Initrd root Shell List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --G3hG7tbxfUIf50sEWI535FsrJT1FFPkix Content-Type: multipart/mixed; boundary="2aKnjIDgBATpabg6CffsFqMunDG70AM2B"; protected-headers="v1" From: Jonas Meurer To: dm-crypt@saout.de Message-ID: <70a8f691-e02e-c2c9-b206-0e2bc028e113@freesources.org> Subject: Re: [dm-crypt] About CVE-2016-4484: - Cryptsetup Initrd root Shell References: <2aa32b7a-8aa4-bd7a-c6f0-eaef3794e8e8@whgl.uni-frankfurt.de> <20161115231546.GN19581@yeono.kjorling.se> <10ad5d6f-faf4-e71e-d528-67054db1f4ae@whgl.uni-frankfurt.de> <20161115235254.GA13171@tansi.org> In-Reply-To: <20161115235254.GA13171@tansi.org> --2aKnjIDgBATpabg6CffsFqMunDG70AM2B Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Hi list, Am 16.11.2016 um 00:52 schrieb Arno Wagner: > On Wed, Nov 16, 2016 at 00:28:50 CET, Sven Eschenberg wrote: > [...]=20 >> The CVE however assumed, that you can not simply access the internal >> parts of the machine. Still, more fuzz than substance in that CVE, >> if you ask me. >=20 > My take also. Probably some ego-boosting going on > somewhere in this affair. The whole set-up seems=20 > contrieved to me and not of general applicability=20 > enough to make this a CVE or even a real defect.=20 >=20 > At best, I see a mild violation of the "Principle of=20 > least surprise". Anybody that really needs the=20 > "security" the fix provides has far bigger problems.=20 I agree that the whole issue is slightly overexaggerated and there's a lot of clickbaiting going on in the news about it. [1] Still I agree with the reporters that there are special scenarios where the discovered flaw can be considered as vulnerability: For setups where the attacker has physical access to keyboard but not to the computer and both BIOS and bootloader are locked. This is a very special setup but I can imagine that it exists at public computers like in libraries, universities, bars, ... While I don't agree on the way this issue was handled and I'm not convinced that it deserves a CVE, I agree that we (as the distribution developers/maintainers) should fix it in some way. At the moment I'm inclined to suggest to propose a change to initramfs-tools which disables the dropping to emergency shell per default and reboots/freezes instead. Dropping to emergency shell in case of an error during initramfs could be activated manually through a boot parameter. Cheers, jonas [1] an extreme example is the headline "Major Linux security hole found in Cryptsetup script for LUKS disk encryption", found here: http://betanews.com/2016/11/15/linux-security-bug-cryptsetup-luks/ --2aKnjIDgBATpabg6CffsFqMunDG70AM2B-- --G3hG7tbxfUIf50sEWI535FsrJT1FFPkix Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdBQJYK6OMFhxqb25hc0BmcmVlc291cmNlcy5vcmcACgkQUmLn/0kQ Sf5uGg//djQpAX4f8JbKGXL8a9EcIN0ZIttavZzBo9Ttj+Lju/3KDYfsj4mu2CZ6 Cw6xPSWyQXCh4hzVQ98td5b4tTqNJSKLlC/HOQakOEVBwUoqnJk0uDLNJvvXLpMJ 7YhR7T7oBBgQbiR7Ozx/8vtFdbuFdELvfu66/Bbxlt/Z/zxXtNG5pg725F7Wjd99 judQ0rUK4gt9ByP4mnBWkqhnthwlgpqR35NBx11MeWXIQXqzTPeO3LZGbYRhTytQ RxzAr7GLJH8cSgddMR6i+U2U87UuNsAFj2sHX/0okUelaEZUyoeXRFXOQBbGnRzW RO/iwf1l0ZVWoYK6O0Gwt/5yKSvqzHBVUTTGx4VzP+VtORFW4wRThe9/P5zbQXaZ ryl5DpORb6AzJLKjv4/BB3FqWiF3lScSW+kwxafqMLKIBpZ69QVi5jCXIC+Tu8nk apW/fm0OFBVO2kpJhW9f06X7RHcjD8dDUtSwfYfvO7H8ZenYaV5hrhaH0vYr5lhb YCShxAHp9mtR8T66+EUXuujPCThMKtlQzW1RuLIz8kFxMUPueTpGsxSeYDpBYvnC aubGxQzXTJS8HgYdnQmWNSVeUQoJ1cQ4TtjelCfTLdJTclQQ4o4NfmJV9mfEWz4/ yJjb9LcHNFYxU9ealhpjV7034U5GRPN+BkJStDgvc04u1yJZkAs= =ezuW -----END PGP SIGNATURE----- --G3hG7tbxfUIf50sEWI535FsrJT1FFPkix--