initramfs-tools

opening privileged shell after entering wrong password for LUKS three times

Bug #1374742 reported by hon
264
This bug affects 3 people
Affects Status Importance Assigned to Milestone
initramfs-tools
New
Undecided
Unassigned
initramfs-tools (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

You should have root filesystem encrypted by LUKS. Start operational system and enter incorrect passphrase for root filesystem three times. Wait several seconds and you give busybox shell with superuser rights from initramdisk.
System should not open shell. It should ask for passphrase forever or show error, but don't open shell. OS: Ubuntu 12.04, Ubuntu 14.04.

See original description
hon (hon2048)
information type: Private Security → Public
information type: Public → Public Security
Revision history for this message
Seth Arnold (seth-arnold) wrote :

There are any number of ways to get a privileged shell from a system when physically present at booting. The important part is that your data is still encrypted without the keys.

Thanks

Changed in initramfs-tools (Ubuntu):
status: New → Invalid
Revision history for this message
hon (hon2048) wrote :

Access to keyboard on booting system is not physical access. System may have protected GRUB and firmware. Attacker may got priveleged shell without physical access and damage data, firmware, or add keyloger into /boot.

description: updated
Revision history for this message
hon (hon2048) wrote :

To fix this bug use the attachment.
If mainteiners want to fix this bug they should replace string "crypttries=3" to "crypttries=0" in /usr/share/initramfs-tools/scripts/local-top/cryptroot. But may be better to deny access to shell in panic() function in /usr/share/initramfs-tools/scripts/functions?

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.