[dm-crypt] About CVE-2016-4484: - Cryptsetup Initrd root Shell
doark at mail.com
Tue Nov 29 15:56:28 CET 2016
On Wed, 16 Nov 2016 14:48:27
Arno Wagner <arno at wagner.name> wrote:
> On Wed, Nov 16, 2016 at 08:32:12 CET, Milan Broz wrote:
> > On 11/16/2016 02:15 AM, Sven Eschenberg wrote:
> > ...
> > >
> > > There's a whole bunch of headlines among these lines. I've read
> > > that cryptsetup has a vulnerability exposing a root-shell on an
> > > encrypted system. Not quite so.
> > Yes, this is the real "contribution" of reporting a bug with
> > (possibly even unrelated) project name in headlines.
> > But seems users themselves correct some stupid article comments,
> > thanks for it! ;-)
> > Sometimes I wish security is less theater and more responsibility...
> > (This bug cost me hours of explanation that upstream has nothing to
> > fix and that in fact the cryptsetup/LUKS worked as designed.)
> Tell me about it. I have these discussions regularly as a
> security consultant, simply because a lack of understanding
> on customer side and attribution of errors by keyword-matching
> I think I will add a new section to the FAQ dealing with initrd
> 1) No, the initrd is _not_ part of cryptsetup, it is your
> distro that screwed up if it is broken or insecure.
> 2) If you depend on the initrd doing something seucrely,
> roll your own and lock that down.
> 3) (Maybe an example...)
Personally, I've know about this for years (because I could not
remember my password one day), and I thought it was helpful to be able to
drop to a shell when cryptsetup does not return 0.
Great debugging aide if you wrote something wrong in the intrid.
Besides, if I was truly an evil attacker with physical access, surly I
could come up with a better attack then this one (Change out the
cpu/CMOS/BIOS with an evil one! No more TPE! No more Intel TxT! No more
*secure* hardware crypto devices! Etc.!!!).
More information about the dm-crypt