mandos-client adds unnecessary files to initrd
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
mandos (Debian) |
Fix Released
|
Unknown
|
|||
mandos (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Jaunty |
Fix Released
|
Undecided
|
Unassigned | ||
Karmic |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: mandos-client
Copied text from Debian bug #551907, reported by "C. Dominik Bodi" <email address hidden>:
----
The update-initramfs hook script for mandos client adds several files
into the initrd that are not necessary for its operation. One of the
files being added causes a severe security risk for other mandos
client in case the client acts as a mandos server, as well.
The superfluous files can be found in
initrd_
First of all, backup files created by various text editors, for
instance emacsen's "filename~" (notice the tilde) files, are added
to the initrd.
More importantly, if the mandos server package is installed on the
same computer, the /etc/mandos/
/etc/mandos/
[...]
----
visibility: | private → public |
Changed in mandos (Debian): | |
status: | Unknown → New |
Changed in mandos (Ubuntu): | |
assignee: | nobody → Mandos Maintainers (mandos-maintainers) |
status: | New → Fix Committed |
Changed in mandos (Debian): | |
status: | New → Fix Released |
Changed in mandos (Ubuntu Karmic): | |
assignee: | Mandos Maintainers (mandos-maintainers) → nobody |
status: | In Progress → Fix Committed |
Fixed in Mandos 1.0.13, now released upstream.