From: Arno Wagner
Date: Wed, 16 Nov 2016 00:52:54 +0100
Message-ID: <20161115235254.GA13171@tansi.org>
In-Reply-To: <10ad5d6f-faf4-e71e-d528-67054db1f4ae@whgl.uni-frankfurt.de>
Subject: Re: [dm-crypt] About CVE-2016-4484: - Cryptsetup Initrd root Shell
To: dm-crypt@saout.de

On Wed, Nov 16, 2016 at 00:28:50 CET, Sven Eschenberg wrote:
[...]
> The CVE however assumed, that you can not simply access the internal
> parts of the machine. Still, more fuzz than substance in that CVE,
> if you ask me.

My take also. Probably some ego-boosting going on somewhere in
this affair. The whole set-up seems contrived to me and not
of general applicability enough to make this a CVE or even a
real defect. At best, I see a mild violation of the "Principle
of least surprise". Anybody that really needs the "security"
the fix provides has far bigger problems.

Regards,
Arno

-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier