calamares-settings-debian: default permissions on initramfs is insecure for full-disk encryption

Related Vulnerabilities: CVE-2019-13179  

Debian Bug report logs - #931373


Reported by: Jonathan Carter <jcc@debian.org>

Date: Wed, 3 Jul 2019 12:45:02 UTC

Severity: normal

Found in version calamares-settings-debian/10.0.20-1

Fixed in version calamares-settings-debian/10.0.23-1

Done: Jonathan Carter <jcc@debian.org>



Report forwarded to debian-bugs-dist@lists.debian.org, jcc@debian.org:
Bug#931373; Package calamares-settings-debian. (Wed, 03 Jul 2019 12:45:04 GMT) (full text, mbox, link).


Acknowledgement sent to Jonathan Carter <jcc@debian.org>:
New Bug report received and forwarded. Copy sent to jcc@debian.org. (Wed, 03 Jul 2019 12:45:04 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Jonathan Carter <jcc@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: calamares-settings-debian: default permissions on initramfs is insecure for full-disk encryption
Date: Wed, 03 Jul 2019 14:42:18 +0200
Package: calamares-settings-debian
Version: 10.0.20-1
Severity: normal

calamares supports full disk encryption using luks and grub.

It installs an encryption key in the initramfs. The problem is
that in Debian, the initramfs is world-readable by default, which
means that a user on an unlocked system could retrieve the unlock
key.

Creating a file called /etc/initramfs-tools/conf.d/initramfs-permissions
containing UMASK=0077 will result in a more secure configuration, and
can be done from the calamares-settings-debian package.
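As an added illustration of the report's point (this is example code, not part of the bug report or of the calamares-settings-debian package), the script below audits a directory of initramfs images for group- or world-readable modes, and writes the conf.d override the report recommends so that later `update-initramfs` runs create images with mode 0600. It assumes GNU coreutils `stat -c` as shipped on Debian; the function names and the optional directory arguments are this example's own.

```shell
#!/bin/sh
# Added example, not part of the bug report: audit initramfs images for
# group/world-readable permissions and write the conf.d override that the
# report recommends (UMASK=0077 in
# /etc/initramfs-tools/conf.d/initramfs-permissions).
# Assumes GNU coreutils `stat -c`, as on Debian.
set -eu

# Succeeds (returns 0) when the file's mode grants any permission to
# group or other, i.e. when an unprivileged local user could read a key
# embedded in the image.
is_exposed() {
    mode=$(stat -c '%a' "$1")
    case "$mode" in
        *00) return 1 ;;   # group and other bits are all clear
        *)   return 0 ;;
    esac
}

# Check every initrd.img-* in a directory (default /boot). Prints each
# exposed image and returns 1 if any was found, 0 otherwise. It only
# reports; fixing an existing image is a chmod 0600 or a regeneration.
audit_initramfs() {
    dir=${1:-/boot}
    found=0
    for img in "$dir"/initrd.img-*; do
        [ -e "$img" ] || continue        # glob matched nothing
        if is_exposed "$img"; then
            printf 'exposed: %s (mode %s)\n' "$img" "$(stat -c '%a' "$img")"
            found=1
        fi
    done
    return "$found"
}

# Write the conf.d snippet from the report. The directory argument
# (default /etc/initramfs-tools/conf.d) exists so the function can be
# exercised outside /etc; UMASK only affects images built after this.
write_umask_conf() {
    confdir=${1:-/etc/initramfs-tools/conf.d}
    mkdir -p "$confdir"
    printf 'UMASK=0077\n' > "$confdir/initramfs-permissions"
}
```

Typical use on an installed system is `audit_initramfs /boot` followed by `write_umask_conf` as root; because the UMASK setting only governs images created from then on, images already present must be regenerated (`update-initramfs -u`) or have their mode tightened by hand for the check to come back clean.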



Reply sent to Jonathan Carter <jcc@debian.org>:
You have taken responsibility. (Wed, 03 Jul 2019 13:36:04 GMT) (full text, mbox, link).


Notification sent to Jonathan Carter <jcc@debian.org>:
Bug acknowledged by developer. (Wed, 03 Jul 2019 13:36:04 GMT) (full text, mbox, link).


Message #10 received at 931373-close@bugs.debian.org (full text, mbox, reply):

From: Jonathan Carter <jcc@debian.org>
To: 931373-close@bugs.debian.org
Subject: Bug#931373: fixed in calamares-settings-debian 10.0.23-1
Date: Wed, 03 Jul 2019 13:33:27 +0000
Source: calamares-settings-debian
Source-Version: 10.0.23-1

We believe that the bug you reported is fixed in the latest version of
calamares-settings-debian, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 931373@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonathan Carter <jcc@debian.org> (supplier of updated calamares-settings-debian package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 03 Jul 2019 13:05:47 +0000
Source: calamares-settings-debian
Binary: calamares-settings-debian
Architecture: source all
Version: 10.0.23-1
Distribution: unstable
Urgency: medium
Maintainer: Jonathan Carter <jcc@debian.org>
Changed-By: Jonathan Carter <jcc@debian.org>
Description:
 calamares-settings-debian - Debian theme and settings for the Calamares Installer
Closes: 931373
Changes:
 calamares-settings-debian (10.0.23-1) unstable; urgency=medium
 .
   * Fixes permissions for initramfs image (CVE-2019-13179)
     (Closes: #931373)
Checksums-Sha1:
 f2f778f8875ecbf87d720fea73f8947afd3d5baf 2111 calamares-settings-debian_10.0.23-1.dsc
 aebe9e16b8e00f0b5aedcf8bdc2c9791c250614b 100728 calamares-settings-debian_10.0.23.orig.tar.gz
 b24a3e4c87d90dab4b41a3d72aa66dc03f377eaa 3004 calamares-settings-debian_10.0.23-1.debian.tar.xz
 bff146a7efbeff59d75de8aab05d3c1ed4bc7245 101980 calamares-settings-debian_10.0.23-1_all.deb
 84f2f8573287a2217032b8a348c15b4fcf45689b 5893 calamares-settings-debian_10.0.23-1_amd64.buildinfo
Checksums-Sha256:
 14e886fbfe573c69ec60b400fd021dec98c8d9e44d624e98d9a8ac0274e404cb 2111 calamares-settings-debian_10.0.23-1.dsc
 ed689f2c7854cf571fc88e5f37fb3db0444d8078f46dbbc2682075be6b3500d2 100728 calamares-settings-debian_10.0.23.orig.tar.gz
 5c0f08eaf876b2811d3995b89e21a756a70f76cc5aeae82dce18182ad81dd011 3004 calamares-settings-debian_10.0.23-1.debian.tar.xz
 4f29a260d702951392e9513d3b55f234b43d04e931b726afd9f8dc8400fa7a0f 101980 calamares-settings-debian_10.0.23-1_all.deb
 94c5e5d2b25eeee0adb9d63cb40a6a835c59dc1b626a4a6ac908c23c920e1565 5893 calamares-settings-debian_10.0.23-1_amd64.buildinfo
Files:
 93f0523c3f5f0307f1e4f91c225a5962 2111 utils optional calamares-settings-debian_10.0.23-1.dsc
 3a3cec4795f9d0c6091c860bf0d801fc 100728 utils optional calamares-settings-debian_10.0.23.orig.tar.gz
 2e3146aa1375461fd452a854c699aedf 3004 utils optional calamares-settings-debian_10.0.23-1.debian.tar.xz
 821ccd1404b01c2e02434e7d00ed215c 101980 utils optional calamares-settings-debian_10.0.23-1_all.deb
 38932cb9575839abd04ffb1fd43efb6b 5893 utils optional calamares-settings-debian_10.0.23-1_amd64.buildinfo







Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Jul 4 11:20:57 2019; Machine Name: beach
