From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wm0-x22e.google.com (mail-wm0-x22e.google.com [IPv6:2a00:1450:400c:c09::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.server123.net (Postfix) with ESMTPS for ; Wed, 16 Nov 2016 08:32:15 +0100 (CET) Received: by mail-wm0-x22e.google.com with SMTP id t79so52838345wmt.0 for ; Tue, 15 Nov 2016 23:32:15 -0800 (PST) Received: from [10.34.26.80] (nat-pool-brq-t.redhat.com. [213.175.37.10]) by smtp.gmail.com with ESMTPSA id r7sm38751533wjp.43.2016.11.15.23.32.13 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 15 Nov 2016 23:32:13 -0800 (PST) References: <2aa32b7a-8aa4-bd7a-c6f0-eaef3794e8e8@whgl.uni-frankfurt.de> <20161115231546.GN19581@yeono.kjorling.se> <10ad5d6f-faf4-e71e-d528-67054db1f4ae@whgl.uni-frankfurt.de> <20161115235254.GA13171@tansi.org> <70a8f691-e02e-c2c9-b206-0e2bc028e113@freesources.org> From: Milan Broz Message-ID: Date: Wed, 16 Nov 2016 08:32:12 +0100 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] About CVE-2016-4484: - Cryptsetup Initrd root Shell List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de On 11/16/2016 02:15 AM, Sven Eschenberg wrote: ... > > There's a whole bunch of headlines among these lines. I've read that > cryptsetup has a vulnerability exposing a root-shell on an encrypted > system. Not quite so. Yes, this is the real "contribution" of reporting a bug with (possibly even unrelated) project name in headlines. But seems users themselves correct some stupid article comments, thanks for it! ;-) Sometimes I wish security is less theater and more responsibility... (This bug cost me hours of explanation that upstream has nothing to fix and that in fact the cryptsetup/LUKS worked as designed.) Milan