
Bug#536195: marked as done (document UMASK initramfs.conf usage)



Your message dated Fri, 9 Apr 2010 00:46:49 +0200
with message-id <20100408224649.GR6427@baikonur.stro.at>
and subject line Re: Bug#536195: initramfs.conf config section missing
has caused the Debian Bug report #536195,
regarding document UMASK initramfs.conf usage
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
536195: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=536195
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: dropbear
Version: 0.52-2
Severity: normal

the dropbear package takes pains to set up the initramfs with its own
host keys for remote boot.  This is good!

It also makes those host keys unreadable to non-root users.  This is
also good!

0 dkg@pip:/tmp$ ls -l /etc/initramfs-tools/etc/dropbear/dropbear_*
-rw------- 1 root root 459 2009-07-08 00:08 /etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key
-rw------- 1 root root 426 2009-07-08 00:08 /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key
0 dkg@pip:/tmp$

However, using stock initramfs-tools, the keys then get placed into a
world-readable initramfs, allowing any account on the server to
extract the host keys directly:

0 dkg@pip:/tmp$ mkdir -p etc/dropbear
0 dkg@pip:/tmp$ zcat /boot/initrd.img-$(uname -r) | cpio --extract etc/dropbear/dropbear_{dss,rsa}_host_key
40323 blocks
0 dkg@pip:/tmp$ ls -l etc/dropbear/
total 8
-rw------- 1 dkg dkg 459 2009-07-08 00:45 dropbear_dss_host_key
-rw------- 1 dkg dkg 426 2009-07-08 00:45 dropbear_rsa_host_key
0 dkg@pip:/tmp$ 

This exposes the remote boot setup to a potential MITM attack by any
system user who cared to copy the host keys out of the initramfs
before the reboot and is able to intercept (or misroute) network
traffic.

One really bad outcome of this is that it could allow for sniffing of
the cryptoroot passphrases.

    --dkg

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-vserver-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages dropbear depends on:
ii  libc6                  2.9-12            GNU C Library: Shared libraries
ii  zlib1g                 1:1.2.3.3.dfsg-13 compression library - runtime

dropbear recommends no packages.

Versions of packages dropbear suggests:
ii  openssh-client         1:5.1p1-5.opensc1 secure shell client, an rlogin/rsh
ii  runit                  2.0.0-1           a UNIX init scheme with service su
ii  udev                   0.141-1           /dev/ and hotplug management daemo

-- no debconf information



--- End Message ---
--- Begin Message ---
On Thu, Apr 08, 2010 at 11:54:48PM +0200, Christoph Anton Mitterer wrote:
> 
> There is no such section for the UMASK thingy.

no such section was planned and is not expected.
this bug was about documenting UMASK.
 
> btw: may I suggest to not only add the default value
> UMASK=644
> but also a commented secure one:
> #UMASK=600
> 
> Or perhaps even make the secure one the default?

nope disables easy user testing with qemu
and besides the special case of dropbear useless.


closing.


--- End Message ---
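
An added example, not part of the thread or of initramfs-tools: a shell audit for the exposure the bug report describes, listing initramfs images that non-root accounts can read and checking whether the configured UMASK would keep newly built images private. The function names, the 0022 fallback and the sample invocation are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Needs GNU stat (coreutils), as shipped on Debian.

# List every initrd.img-* in directory $1 that group or other can read.
# Prints "<mode> <path>" per finding; returns 1 if anything was found.
find_readable_initrds() {
    status=0
    for img in "$1"/initrd.img-*; do
        [ -f "$img" ] || continue
        mode=$(stat -c '%a' "$img") || continue
        # 044 = read bit for group and for other
        if [ $(( 0$mode & 044 )) -ne 0 ]; then
            printf '%s %s\n' "$mode" "$img"
            status=1
        fi
    done
    return "$status"
}

# Print the UMASK that results from reading the given config files in
# order (last uncommented assignment wins).
# Assumption: with no UMASK set, root's usual umask of 0022 applies.
effective_umask() {
    val=
    if [ "$#" -gt 0 ]; then
        val=$(cat "$@" 2>/dev/null | tr -d "\"'" |
              sed -n 's/^[[:space:]]*UMASK=\([0-7][0-7]*\).*/\1/p' | tail -n 1)
    fi
    printf '%s\n' "${val:-0022}"
}

# Succeeds only if umask $1 strips read access for both group and other.
umask_is_private() {
    [ $(( 0$1 & 044 )) -eq $(( 044 )) ]
}

# Usage: sh audit-initrd.sh /boot /etc/initramfs-tools/initramfs.conf \
#            /etc/initramfs-tools/conf.d/*
if [ "$#" -ge 2 ]; then
    bootdir=$1; shift
    find_readable_initrds "$bootdir" ||
        echo "the images listed above can be read by non-root accounts"
    um=$(effective_umask "$@")
    umask_is_private "$um" ||
        echo "UMASK=$um leaves newly built images readable by group or other"
fi
```

A UMASK change only affects images built afterwards; an existing image keeps its mode until it is regenerated or its permissions are changed.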
