
Just hit enter to get a shell of the rooty sort - eptcyka
http://www.phoronix.com/scan.php?page=news_item&px=Cryptsetup-Security-Fail
======
blockoperation
If someone is in a position to do this, the chances are they already have
physical access, and there are much more worrying things that can be done with
that (hardware keyloggers, etc).

The only obvious thing that can be done with this (beyond tampering with
firmware) is to backdoor the bootloader/kernel/initramfs/etc, but that can be
mitigated with TPM/TXT/tboot (just store your LUKS key in the TPM – any
tampering will render it, and therefore your data, inaccessible).

------
eptcyka
I'm rather worried that this isn't getting the upvotes it needs.

~~~
theamk
I have cryptsetup, so I am probably vulnerable, but I do really care -- I do
not have a BIOS password, nor do I physically disable my USB ports. If I wanted
to get a root shell with the disk still encrypted, it would be much more
convenient to just boot from the USB stick.

And in the case of "libraries, ATMs, airport machines" it is likely there will
be no boot-time passwords at all -- the regular login process will likely be more
convenient for many reasons.

~~~
eptcyka
Well, if an attacker has the ability to access your computer several times,
you only need to screw with your init filesystem once to transfer your
password over TCP at boot time, or just safely store it on the disk if you
don't get a usable connection at boot time.

~~~
theamk
Yes, but the same could be done by simply booting from a USB stick. How does
this vulnerability make it worse? (unless one has a BIOS password and strong
physical security)

