[dm-crypt] About CVE-2016-4484: - Cryptsetup Initrd root Shell

Arno Wagner arno at wagner.name
Wed Nov 16 00:52:54 CET 2016


On Wed, Nov 16, 2016 at 00:28:50 CET, Sven Eschenberg wrote:
[...] 
> The CVE however assumed, that you can not simply access the internal
> parts of the machine. Still, more fuzz than substance in that CVE,
> if you ask me.

My take also. Probably some ego-boosting going on
somewhere in this affair. The whole set-up seems 
contrieved to me and not of general applicability 
enough to make this a CVE or even a real defect. 

At best, I see a mild violation of the "Principle of 
least surprise". Anybody that really needs the 
"security" the fix provides has far bigger problems. 

Regards,
Arno

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier


More information about the dm-crypt mailing list