Ubuntu
cloud-initramfs-tools package

[MIR] cloud-initramfs-tools

Bug #726572 reported by Scott Moser
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
cloud-initramfs-tools (Ubuntu)
Fix Released
Undecided
Scott Moser
Ubuntu ubuntu-11.04-beta-2
Natty
Fix Released
Undecided
Scott Moser
Ubuntu ubuntu-11.04-beta-2

Bug Description

* Availability: package is in universe [1]
* Rationale: This package helps achieve blueprint [2]. It is useful to users of the Ubuntu HVM instances types on EC2, other EC2 and UEC instance types where the user cannot access the instance, and users of UEC images outside UEC/EC2.
* Security: There is very little security concern for this package. It builds function into the initramfs.
* Quality Assurance: Ubuntu bugs are filed at [3]. This is not a debian package.
* Dependencies: all build dependencies are in main
* Standards compliance: The package implements a very standard initramfs-tools plugin
* Maintenance: This is a Ubuntu only package, and will require maintenance by the Ubuntu server team. However, it is very small and is not expected to require much effort to maintain.
* Background information:
 The cloud-initramfs-tools package provides 2 binary packages:
 * cloud-initramfs-growroot will automatically resize the root partition on first boot of an instance. In many cloud environments, the user can specify how large they would like the disk to be at launch time. This initramfs plugin will re-write the partition table of the root filesystem so that it utilizes available space. It is necessary to avoid a require reboot to unmount the rootfs so that the kernel will re-read the partition table.
 * cloud-initramfs-rescuevol will boot off of a volume that is labeled "RESCUE_VOL" if it is present on boot. This allows a user of an instance to potentially save/repair an instance that is unreachable by attaching a new disk and rebooting.

--
[1] https://launchpad.net/ubuntu/+source/cloud-initramfs-tools
[2] https://blueprints.launchpad.net/ubuntu/+spec/cloud-server-n-cloud-images
[3] https://bugs.launchpad.net/ubuntu/+source/cloud-initramfs-tools

This is a place holder bug for getting cloud-initramfs-tools into main.
It will be updated with thorough description later.

See original description
Scott Moser (smoser)
Changed in cloud-initramfs-tools (Ubuntu):
assignee: nobody → Scott Moser (smoser)
status: New → Triaged
Scott Moser (smoser)
summary: - MIR cloud-initramfs-tools
+ [MIR] cloud-initramfs-tools
Scott Moser (smoser)
description: updated
description: updated
Revision history for this message
Kees Cook (kees) wrote :

cloud-initramfs-growroot: seems fine.

cloud-initramfs-rescuevol:
I see no sane problems with this. If an attacker is in a position to be attaching volumes and rebooting, there are all kinds of other insane stuff they could do too.

The only thing I see as remotely "funny" would be what you outlined in email -- if they somehow have access to the label of an attached device and can trigger a reboot. But ... again, this falls into an existing vulnerability category.

I don't think it's a problem at all.

+1

Changed in cloud-initramfs-tools (Ubuntu Natty):
milestone: none → ubuntu-11.04-beta-2
status: Triaged → In Progress
Revision history for this message
Dustin Kirkland  (kirkland) wrote :

Committed revision 1818 to natty uec seed, adding cloud-initramfs-tools.

Revision history for this message
Dustin Kirkland  (kirkland) wrote :

Archive promotion processed.

lp_archive@cocoplum:~/syncs$ change-override.py -c main -S cloud-initramfs-tools
2011-04-11 17:19:46 INFO Creating lockfile: /var/lock/launchpad-change-override.lock
2011-04-11 17:19:56 INFO Override Component to: 'main'
2011-04-11 17:20:05 INFO 'cloud-initramfs-tools - 0.1ubuntu1/universe/admin' source overridden
2011-04-11 17:20:05 INFO 'cloud-initramfs-growroot-0.1ubuntu1/universe/admin/EXTRA' binary overridden in natty/amd64
2011-04-11 17:20:05 INFO 'cloud-initramfs-growroot-0.1ubuntu1/universe/admin/EXTRA' binary overridden in natty/armel
2011-04-11 17:20:05 INFO 'cloud-initramfs-growroot-0.1ubuntu1/universe/admin/EXTRA' binary overridden in natty/i386
2011-04-11 17:20:05 INFO 'cloud-initramfs-growroot-0.1ubuntu1/universe/admin/EXTRA' binary overridden in natty/powerpc
2011-04-11 17:20:05 INFO 'cloud-initramfs-rescuevol-0.1ubuntu1/universe/admin/EXTRA' binary overridden in natty/amd64
2011-04-11 17:20:05 INFO 'cloud-initramfs-rescuevol-0.1ubuntu1/universe/admin/EXTRA' binary overridden in natty/armel
2011-04-11 17:20:05 INFO 'cloud-initramfs-rescuevol-0.1ubuntu1/universe/admin/EXTRA' binary overridden in natty/i386
2011-04-11 17:20:05 INFO 'cloud-initramfs-rescuevol-0.1ubuntu1/universe/admin/EXTRA' binary overridden in natty/powerpc
Confirm this transaction? [yes, no] yes
2011-04-11 17:20:27 INFO Transaction committed.
2011-04-11 17:20:27 INFO Done.

Changed in cloud-initramfs-tools (Ubuntu Natty):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.