Debian Bug report logs - #568750
live-initramfs: live-media=removable does not work as advertised

version graph

Package: live-initramfs; Maintainer for live-initramfs is Debian Live Project <debian-live@lists.debian.org>;

Reported by: intrigeri@boum.org

Date: Sun, 7 Feb 2010 14:33:01 UTC

Severity: normal

Tags: patch

Found in version live-initramfs/1.173.1-1

Fixed in version 1.173.2-1

Done: Daniel Baumann <daniel@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Live <debian-live@lists.debian.org>:
Bug#568750; Package live-initramfs. (Sun, 07 Feb 2010 14:33:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to intrigeri@boum.org:
New Bug report received and forwarded. Copy sent to Debian Live <debian-live@lists.debian.org>. (Sun, 07 Feb 2010 14:33:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: intrigeri@boum.org
To: Debian Bug Tracking System <submit@bugs.debian.org>
Cc: control@bugs.debian.org
Subject: live-initramfs: live-media=removable does not work as advertised
Date: Sun, 07 Feb 2010 15:29:55 +0100
Package: live-initramfs
Version: 1.173.1-1
Severity: normal
Tags: security, patch

Hi,

The manpage section about the live-media= boot parameter states
that

     the keyword 'removable' can be used to limit the search of
     acceptable live media to removable type only.

The *only* part of the specification is pretty important when some
high degree of trust has to be put into a Live system: booting another
Live system than the one you think, without being told, can lead to
severe problems... especially for Live systems such as amnesia[1],
that aim at offering some privacy guarantees to their users. This is
why I set the security tag to this bug, which might be disputable.

The bugs/live-media branch of amnesia's Git repository[2] (Gitweb [3])
has a commit (5e8a2f10610d35fc40b859e8f15a9cd6f01827b9) that fixes
this issue, by actually implementing the documented behaviour.

So... please pull :)

[1] https://amnesia.boum.org/
[2] git://git.immerda.ch/amnesia_live-initramfs.git
[3] http://git.immerda.ch/?p=amnesia_live-initramfs.git;a=summary

Bye,
--
  intrigeri <intrigeri@boum.org>
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr-fingerprint.asc
  | The impossible just takes a bit longer.




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Live <debian-live@lists.debian.org>:
Bug#568750; Package live-initramfs. (Sun, 07 Feb 2010 17:21:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to daniel@debian.org:
Extra info received and forwarded to list. Copy sent to Debian Live <debian-live@lists.debian.org>. (Sun, 07 Feb 2010 17:21:03 GMT) Full text and rfc822 format available.

Message #10 received at 568750@bugs.debian.org (full text, mbox):

From: Daniel Baumann <daniel@debian.org>
To: intrigeri@boum.org
Cc: 568750@bugs.debian.org
Subject: Re: Bug#568750: live-initramfs: live-media=removable does not work as advertised
Date: Sun, 07 Feb 2010 18:17:02 +0100
tag 568750 - security
tag 568750 pending
thanks

intrigeri@boum.org wrote:
> The *only* part of the specification is pretty important when some
> high degree of trust has to be put into a Live system:

ack.

> This is why I set the security tag to this bug, which might be disputable.

imho, the tag is not appropriate here, removing it.

> So... please pull :)

thanks! just done ;)

Regards,
Daniel

-- 
Address:        Daniel Baumann, Burgunderstrasse 3, CH-4562 Biberist
Email:          daniel.baumann@panthera-systems.net
Internet:       http://people.panthera-systems.net/~daniel-baumann/




Removed tag(s) security. Request was from Daniel Baumann <daniel@debian.org> to control@bugs.debian.org. (Sun, 07 Feb 2010 17:21:04 GMT) Full text and rfc822 format available.

Added tag(s) pending. Request was from Daniel Baumann <daniel@debian.org> to control@bugs.debian.org. (Sun, 07 Feb 2010 17:21:05 GMT) Full text and rfc822 format available.

Reply sent to daniel@debian.org:
You have taken responsibility. (Mon, 15 Mar 2010 06:06:04 GMT) Full text and rfc822 format available.

Notification sent to intrigeri@boum.org:
Bug acknowledged by developer. (Mon, 15 Mar 2010 06:06:04 GMT) Full text and rfc822 format available.

Message #19 received at 568750-done@bugs.debian.org (full text, mbox):

From: Daniel Baumann <daniel@debian.org>
To: 568750-done@bugs.debian.org
Subject: Re: live-initramfs: live-media=removable does not work as advertised,version graph
Date: Mon, 15 Mar 2010 07:04:29 +0100
Version: 1.173.2-1

-- 
Address:        Daniel Baumann, Burgunderstrasse 3, CH-4562 Biberist
Email:          daniel.baumann@panthera-systems.net
Internet:       http://people.panthera-systems.net/~daniel-baumann/




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 12 Apr 2010 07:35:09 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 01:09:36 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.