[pkg-cryptsetup-devel] Bug#901795: cryptsetup-initramfs: please provide documented shell functions to validate/sanitize cryptroot entries in 3rd party hook files
Christoph Anton Mitterer
calestyo at scientia.net
Sat Sep 11 17:31:33 BST 2021
On Sat, 2021-09-11 at 18:06 +0200, Guilhem Moulin wrote:
> Not wrong in my view, but incomplete and using undocumented escape
> sequences yields unspecified behavior.
Well the problem is simply that anyone who uses in any of the fields
e.g. \n will end up getting a true newline and not the literal \n, as
one would assume from the documentation, which just mentions the octal
escapes.
Btw, there might also be a subtle security issue:
If, for some reason, normal users are allowed to directly or indirectly
control the contents of crypttab, they could probably inject shell code
here:
eval "CRYPTTAB_OPTION_$OPTION"='${VALUE-yes}'
Cheers,
Chris.
More information about the pkg-cryptsetup-devel
mailing list