[dm-crypt] About CVE-2016-4484: - Cryptsetup Initrd root Shell

Milan Broz gmazyland at gmail.com
Wed Nov 16 08:32:12 CET 2016


On 11/16/2016 02:15 AM, Sven Eschenberg wrote:
...
> 
> There's a whole bunch of headlines among these lines. I've read that 
> cryptsetup has a vulnerability exposing a root-shell on an encrypted 
> system. Not quite so.

Yes, this is the real "contribution" of reporting a bug with
(possibly even unrelated) project name in headlines.

But seems users themselves correct some stupid article comments,
thanks for it! ;-)

Sometimes I wish security is less theater and more responsibility...
(This bug cost me hours of explanation that upstream has nothing to fix
and that in fact the cryptsetup/LUKS worked as designed.)

Milan


More information about the dm-crypt mailing list