[dm-crypt] About CVE-2016-4484: - Cryptsetup Initrd root Shell
gmazyland at gmail.com
Wed Nov 16 08:32:12 CET 2016
On 11/16/2016 02:15 AM, Sven Eschenberg wrote:
> There's a whole bunch of headlines among these lines. I've read that
> cryptsetup has a vulnerability exposing a root-shell on an encrypted
> system. Not quite so.
Yes, this is the real "contribution" of reporting a bug with
(possibly even unrelated) project name in headlines.
But seems users themselves correct some stupid article comments,
thanks for it! ;-)
Sometimes I wish security is less theater and more responsibility...
(This bug cost me hours of explanation that upstream has nothing to fix
and that in fact the cryptsetup/LUKS worked as designed.)
More information about the dm-crypt