Bug#403075: [Pkg-cryptsetup-devel] Bug#403075: cryptsetup luksOpen can kill unrelated processes (out of memory killer)

2006-12-19 Thread David Härdeman
On Tue, Dec 19, 2006 at 10:07:25PM +, Rob Walker wrote: Problem is I can't reproduce the bug with your commands either (executing them as a regular user): ([EMAIL PROTECTED]:~)$ dd if=/dev/zero of=/tmp/foo bs=1k count=1024 1024+0 records in 1024+0 records out 1048576 bytes (1.0 MB) copied, 0

Bug#403075: [Pkg-cryptsetup-devel] Bug#403075: cryptsetup luksOpen can kill unrelated processes (out of memory killer)

2006-12-20 Thread Rob Walker
> >> > >> Are you able to reproduce the error with the version of cryptsetup that > >> is currently in unstable? > > > >I can reproduce the bug using the cryptsetup from unstable. I've also > > tried it on another machine with the same results. > > Ok, could you then provide me with the exact step

Bug#403075: [Pkg-cryptsetup-devel] Bug#403075: cryptsetup luksOpen can kill unrelated processes (out of memory killer)

2006-12-20 Thread David Härdeman
On Wed, December 20, 2006 11:32, Rob Walker said: >> >I can reproduce the bug using the cryptsetup from unstable. I've also >> > tried it on another machine with the same results. >> >> Ok, could you then provide me with the exact steps that you took to >> reproduce it cause so far I haven't manag

Bug#403075: [Pkg-cryptsetup-devel] Bug#403075: cryptsetup luksOpen can kill unrelated processes (out of memory killer)

2006-12-14 Thread David Härdeman
severity 403075 normal tags 403075 -security tags 403075 +moreinfo thanks On Thu, Dec 14, 2006 at 01:46:33PM +, Rob Walker wrote: Package: cryptsetup Version: 2:1.0.4-8 Severity: grave Tags: security Justification: user security hole If I run cryptsetup luksOpen, giving it a file instead of

Bug#403075: [Pkg-cryptsetup-devel] Bug#403075: cryptsetup luksOpen can kill unrelated processes (out of memory killer)

2006-12-14 Thread Rob Walker
>A normal user can do this, so this could be used for some kind of >denial of service attack: system performance will be impaired and processes of >other users may be killed. Hence the grave severity. Ehh..any user can run a process which uses any amount of memory unless you use ulimit. I agre

Bug#403075: [Pkg-cryptsetup-devel] Bug#403075: cryptsetup luksOpen can kill unrelated processes (out of memory killer)

2006-12-14 Thread David Härdeman
On Thu, Dec 14, 2006 at 11:08:26PM +, Rob Walker wrote: The correct syntax would be something like: /sbin/cryptsetup luksOpen /dev/something tmpfoo I know the syntax to the cryptsetup command I gave is incorrect, but cryptsetup should catch such errors and print a useful warning message ra