[Bug 2059739] Re: initramfs-tools 0.142ubuntu23 copies host /etc/passwd into initramfs
Benjamin Drung
2059739 at bugs.launchpad.net
Fri Apr 5 19:41:05 UTC 2024
Thank you for taking the time to report this bug and contributing to
Ubuntu. The dhcpcd user is created by dhcpcd-base. So the user should
exist.
Please test the attached patch that only copies the dhcpcd user into the
initramfs.
** Patch added: "0001-Copy-only-dhcpcd-user-into-initramfs-etc-passwd.patch"
https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/2059739/+attachment/5761741/+files/0001-Copy-only-dhcpcd-user-into-initramfs-etc-passwd.patch
** Changed in: initramfs-tools (Ubuntu)
Importance: Undecided => Medium
** Changed in: initramfs-tools (Ubuntu)
Status: New => In Progress
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to initramfs-tools in Ubuntu.
https://bugs.launchpad.net/bugs/2059739
Title:
initramfs-tools 0.142ubuntu23 copies host /etc/passwd into initramfs
Status in initramfs-tools package in Ubuntu:
In Progress
Bug description:
Recent changes to the dhcpd hook shipped with dhcpdinitramfs-tools 0.142ubuntu23 (noble-dev) copy the host /etc/passwd into the initramfs-image:
https://git.launchpad.net/ubuntu/+source/initramfs-tools/commit/hooks/dhcpcd?h=applied/ubuntu/noble&id=73c865b9d234087d977d7baa20852639746567fd
This has multiple problems:
* The passwd file is copied without checking if the dhcpcd user actually exists (which is created by dhcpcd package, but only dhcpcd-base is installed via dependencies)
* The change breaks dropbear-initramfs because the passwd file contains a root user with a non existing home directory
* leaking user information into initramfs (which may or may not be a problem on fully encrypted systems)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/2059739/+subscriptions
More information about the foundations-bugs
mailing list