Bug#720735: initramfs-tools: mkinitramfs uses ldd, which is insecure and generates core dumps

2016-01-22 Thread Vincent Lefevre
Control: tags -1 - moreinfo On 2016-01-22 02:36:44 +, Ben Hutchings wrote: > Do you think there is still a bug to fix here, or can this be closed? Well, the core dump problem has been fixed in the kernel. Now, I think that if there is an issue, it is in ldd. It is still not clear whether

Bug#720735: initramfs-tools: mkinitramfs uses ldd, which is insecure and generates core dumps

2016-01-21 Thread Ben Hutchings
Control: tag -1 moreinfo On Sun, 25 Aug 2013 00:37:53 +0200 Vincent Lefevre wrote: > Package: initramfs-tools > Version: 0.113 > Severity: important > Tags: security >  > I've noticed that when running update-initramfs, a core dump was > generated in the current directory,

Bug#720735: initramfs-tools: mkinitramfs uses ldd, which is insecure and generates core dumps

2014-09-29 Thread Ben Hutchings
Control: retitle -1 initramfs-tools: Use static check for library dependencies instead of ldd Control: severity -1 normal On Sun, 2013-08-25 at 14:38 +0200, Vincent Lefevre wrote: On 2013-08-25 09:53:07 +0100, Ben Hutchings wrote: No, this has a defined meaning in FHS:

Bug#720735: initramfs-tools: mkinitramfs uses ldd, which is insecure and generates core dumps

2013-08-25 Thread Ben Hutchings
On Sun, 2013-08-25 at 02:13 +0200, Vincent Lefevre wrote: On 2013-08-25 00:47:36 +0100, Ben Hutchings wrote: What? It belongs to glibc; $ dpkg -S /libx32 libc6-x32: /libx32 If libc6-x32 is not installed, this directory doesn't belong to anything! $ dpkg -S /libx32 dpkg-query: no

Bug#720735: initramfs-tools: mkinitramfs uses ldd, which is insecure and generates core dumps

2013-08-25 Thread Vincent Lefevre
On 2013-08-25 09:53:07 +0100, Ben Hutchings wrote: No, this has a defined meaning in FHS: http://www.pathname.com/fhs/pub/fhs-2.3.html#LIBLTQUALGTALTERNATEFORMATESSENTIAL OK (both the French and English versions of the Wikipedia article didn't mention these directories... I've updated them

Bug#720735: initramfs-tools: mkinitramfs uses ldd, which is insecure and generates core dumps

2013-08-24 Thread Vincent Lefevre
Package: initramfs-tools Version: 0.113 Severity: important Tags: security I've noticed that when running update-initramfs, a core dump was generated in the current directory, which is in itself a first bug. After looking at this problem with strace, I saw that this came from: /usr/bin/ldd

Bug#720735: initramfs-tools: mkinitramfs uses ldd, which is insecure and generates core dumps

2013-08-24 Thread Ben Hutchings
Control: tag -1 - security On Sun, 2013-08-25 at 00:37 +0200, Vincent Lefevre wrote: Package: initramfs-tools Version: 0.113 Severity: important Tags: security I've noticed that when running update-initramfs, a core dump was generated in the current directory, which is in itself a first

Bug#720735: initramfs-tools: mkinitramfs uses ldd, which is insecure and generates core dumps

2013-08-24 Thread Vincent Lefevre
On 2013-08-25 00:47:36 +0100, Ben Hutchings wrote: What? It belongs to glibc; $ dpkg -S /libx32 libc6-x32: /libx32 If libc6-x32 is not installed, this directory doesn't belong to anything! $ dpkg -S /libx32 dpkg-query: no path found matching pattern /libx32 So, there's nothing wrong in