[dm-crypt] About CVE-2016-4484: - Cryptsetup Initrd root Shell
arno at wagner.name
Wed Nov 16 00:52:54 CET 2016
On Wed, Nov 16, 2016 at 00:28:50 CET, Sven Eschenberg wrote:
> The CVE however assumed, that you can not simply access the internal
> parts of the machine. Still, more fuzz than substance in that CVE,
> if you ask me.
My take also. Probably some ego-boosting going on
somewhere in this affair. The whole set-up seems
contrieved to me and not of general applicability
enough to make this a CVE or even a real defect.
At best, I see a mild violation of the "Principle of
least surprise". Anybody that really needs the
"security" the fix provides has far bigger problems.
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
More information about the dm-crypt