From: David Niklas <doark@mail.com>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] About CVE-2016-4484: - Cryptsetup Initrd root Shell
Date: Tue, 29 Nov 2016 09:56:28 -0500
Message-ID: <20161129095628.145ec2ac@ulgy_thing>
In-Reply-To: <20161116134826.GD17781@tansi.org>

On Wed, 16 Nov 2016 14:48:27
Arno Wagner <arno@wagner.name> wrote:
> On Wed, Nov 16, 2016 at 08:32:12 CET, Milan Broz wrote:
> > On 11/16/2016 02:15 AM, Sven Eschenberg wrote:
> > ...
> > >
> > > There's a whole bunch of headlines among these lines. I've read
> > > that cryptsetup has a vulnerability exposing a root-shell on an
> > > encrypted system. Not quite so.
> >
> > Yes, this is the real "contribution" of reporting a bug with
> > (possibly even unrelated) project name in headlines.
> >
> > But seems users themselves correct some stupid article comments,
> > thanks for it! ;-)
> >
> > Sometimes I wish security is less theater and more responsibility...
> > (This bug cost me hours of explanation that upstream has nothing to
> > fix and that in fact the cryptsetup/LUKS worked as designed.)
>
> Tell me about it. I have these discussions regularly as a
> security consultant, simply because of a lack of understanding
> on the customer side and attribution of errors by keyword-matching
> instead.
>
> I think I will add a new section to the FAQ dealing with initrd
> issues.
> Contents:
> 1) No, the initrd is _not_ part of cryptsetup, it is your
> distro that screwed up if it is broken or insecure.
> 2) If you depend on the initrd doing something securely,
> roll your own and lock that down.
> 3) (Maybe an example...)
>
> Regards,
> Arno
>

Personally, I've known about this for years (because I could not
remember my password one day), and I thought it was helpful to be able to
drop to a shell when cryptsetup does not return 0.
Great debugging aid if you wrote something wrong in the initrd.
Besides, if I was truly an evil attacker with physical access, surely I
could come up with a better attack than this one (Change out the
cpu/CMOS/BIOS with an evil one! No more TPE! No more Intel TxT! No more
*secure* hardware crypto devices! Etc.!!!).

Sincerely,
David