Bug#906124: grub-efi-amd64: Also in grub-efi-amd64

2020-10-03 Thread Vladislav Yarmak
ly: https://media.defense.gov/2020/Sep/15/2002497594/-1/-1/0/CTR-UEFI-SECURE-BOOT-CUSTOMIZATION-20200915.PDF/CTR-UEFI-SECURE-BOOT-CUSTOMIZATION-20200915.PDF Interesting fact, they skip initramdrive verification as well, and modern distros make it's verification next to impossible. -- Best Rega

Bug#906124: Another attempt

2019-10-02 Thread Vladislav Yarmak
out verification (due to --skip-sig option of "trust" command or because enforce mode was not enabled prior to trusting key). This flag can be local to PGP module, so we can query it when we need to know it's state. What do you think? Is this approach looks sound to you? -- Best Regards, Vladislav Yarmak

Bug#906124: Additional debug info

2019-07-18 Thread Vladislav Yarmak
On Thu, 18 Jul 2019 15:06:55 -0400 Mathieu Trudel-Lapierre wrote: > On Thu, Jul 18, 2019 at 10:01 AM Colin Watson > wrote: > > On Mon, Jul 08, 2019 at 09:15:49PM +0300, Vladislav Yarmak wrote: > > > On Mon, 8 Jul 2019 14:57:08 +0100 Colin Watson > > > wrote

Bug#906124: Additional debug info

2019-07-18 Thread Vladislav Yarmak
uxefi_secure_validate to skip validation when PGP is active same way it does if secureboot is not enabled at all (there are already some cases when linuxefi skips validation, so it will be probably ok to keep in one place). -- Best Regards, Vladislav Yarmak

Bug#906124: Additional debug info

2019-07-11 Thread Vladislav Yarmak
Hello, Can I please have some feedback on my patch or hear back about state of things? -- Best Regards, Vladislav Yarmak

Bug#906124: Additional debug info

2019-07-08 Thread Vladislav Yarmak
lback.patch attached, which does what was discussed here. I just tested it and it works. Here is gist link just in case if bugtracker strips attaches: https://gist.github.com/Snawoot/d669d8302262e7b377ac7a9e65f90b89 May I hope it'll be included into Debian updates? -- Best Regards, Vladislav

Bug#906124: Additional debug info

2019-07-08 Thread Vladislav Yarmak
o ask: is there any specific plans about this bug? -- Best Regards, Vladislav Yarmak

Bug#834949: lshell: Shell outbreak due to bad syntax parse

2016-08-20 Thread Vladislav Yarmak
Package: lshell Version: 0.9.16-1 Severity: grave Tags: security upstream Justification: user security hole lshell fails to parse shell syntax correctly and restrictions can be overrun: root@debian:~# getent passwd testuser testuser:x:1001:1001:,,,:/home/testuser:/usr/bin/lshell root@debian:~# su

Bug#834946: lshell: Shell outbreak with multiline commands

2016-08-20 Thread Vladislav Yarmak
Package: lshell Version: 0.9.16-1 Severity: grave Tags: security upstream Justification: user security hole Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Vladislav Yarmak To: Debian Bug Tracking System Subject: lshell: Shell out