CVE-2016-4484

[stuffresearch]

Need to be fixed

[slashbeast]

The better-initramfs have well documented feature of rescue shell, to be dropped into on any failure. You can even control-D the password prompt to get a shell. So what do you wish to be fixed here?

[stuffresearch]

Hey slash ! how are you doing ?

Yes I know and you right. What you think to add a feature to not drop the shell by default

I have modified the rescueshell() to perform a reboot in case of luks passphrase failture.

Sorry about the issue tittle. I did wrong

I just took a look a few minutes ago in the code

[slashbeast]

A feature that wouldn't drop to shell would give a false sense of security. As long as the box can be physically accessed there's no real way to protect it. In such use case the initramfs should be stripped to bare minimum.