This bug was fixed in the package initramfs-tools - 0.142ubuntu25
---------------
initramfs-tools (0.142ubuntu25) noble; urgency=medium
* Copy only dhcpcd user into initramfs /etc/passwd (LP: #2059739)
* autopkgtest: Ignore remainig udev processes also on amd64
-- Benjamin Drung <bdr...@ubuntu.com> Wed, 17 Apr 2024 17:55:09 +0200
** Changed in: initramfs-tools (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu.
https://bugs.launchpad.net/bugs/2059739
Title:
initramfs-tools 0.142ubuntu23 copies host /etc/passwd into initramfs
Status in initramfs-tools package in Ubuntu:
Fix Released
Bug description:
Recent changes to the dhcpd hook shipped with dhcpdinitramfs-tools
0.142ubuntu23 (noble-dev) copy the host /etc/passwd into the initramfs-image:
https://git.launchpad.net/ubuntu/+source/initramfs-tools/commit/hooks/dhcpcd?h=applied/ubuntu/noble&id=73c865b9d234087d977d7baa20852639746567fd
This has multiple problems:
* The passwd file is copied without checking if the dhcpcd user actually
exists (which is created by dhcpcd package, but only dhcpcd-base is installed
via dependencies)
* The change breaks dropbear-initramfs because the passwd file contains a
root user with a non existing home directory
* leaking user information into initramfs (which may or may not be a problem
on fully encrypted systems)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/2059739/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
