initramfs-tools 0.142ubuntu23 copies host /etc/passwd into initramfs
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
initramfs-tools (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
Recent changes to the dhcpd hook shipped with dhcpdinitramfs-
https:/
This has multiple problems:
* The passwd file is copied without checking if the dhcpcd user actually exists (which is created by dhcpcd package, but only dhcpcd-base is installed via dependencies)
* The change breaks dropbear-initramfs because the passwd file contains a root user with a non existing home directory
* leaking user information into initramfs (which may or may not be a problem on fully encrypted systems)
tags: | added: patch |
Changed in initramfs-tools (Ubuntu): | |
status: | In Progress → Fix Committed |
Thank you for taking the time to report this bug and contributing to Ubuntu. The dhcpcd user is created by dhcpcd-base. So the user should exist.
Please test the attached patch that only copies the dhcpcd user into the initramfs.