Package: cryptsetup Version: 2:1.1.2-1 Severity: normal Tags: patch
Hi Jonas. The current init-scripts might have a "meta security" problem, for which I've attached patches. Imagine a user want's to stop all cryptdisks (as the police is comming ;) )... He does /etc/init.d/cryptdisks[-early] stop, which should stop them (at least until no one is used anymore), right?. However, the if /lib/cryptsetup/cryptdisks.functions (which should never happen) you exit 0 and he wouldn't notice an error, that stopping didn't work. The patch also removes the check for /lib/cryptsetup/cryptdisks.functions, as I guess it's not required, because if the initscripts are there, that file is also there,.. unless people broke their packages manually, which we can never prevent or always check for. Cheers, Chris.
--- cryptdisks-early 2010-06-26 13:12:25.000000000 +0200 +++ 2 2010-06-26 13:13:06.000000000 +0200 @@ -15,11 +15,7 @@ set -e -if [ -r /lib/cryptsetup/cryptdisks.functions ]; then - . /lib/cryptsetup/cryptdisks.functions -else - exit 0 -fi +. /lib/cryptsetup/cryptdisks.functions INITSTATE="early" LOUD=""