Control: tag -1 moreinfo On Sun, 25 Aug 2013 00:37:53 +0200 Vincent Lefevre <vinc...@vinc17.net> wrote: > Package: initramfs-tools > Version: 0.113 > Severity: important > Tags: security > > I've noticed that when running update-initramfs, a core dump was > generated in the current directory, which is in itself a first bug. > > After looking at this problem with strace, I saw that this came from: > > /usr/bin/ldd /lib/firmware/cis/PCMLM28.cis [...]
In version 0.121~rc1 the copy_exec function has been split up and we should now only be running ldd when copying executables. These executables are being copied and used in the initramfs so they are already trusted. So I don't think there's any security reason to move away from using ldd. Do you think there is still a bug to fix here, or can this be closed? Ben. -- Ben Hutchings Quantity is no substitute for quality, but it's the only one we've got
signature.asc
Description: This is a digitally signed message part