Major Linux security hole gapes open

Linux on ThinkPads
Post Reply
Message
Author

jdk
Junior Member
Junior Member
Posts: 264
Joined: Mon Jan 03, 2011 9:08 pm
Location: Pinehurst, North Carolina

Re: Major Linux security hole gapes open

#2 Post by jdk » Sun Nov 27, 2016 10:59 pm

That unencrypted /boot partition rears its ugly head again.

Last year you just had to hit backspace exactly 28 times and it would drop you to a shell.

Sometimes I wonder if these backdoors to /boot are intentional.
Cyrix 6x86

ZaZ
moderator
moderator
Posts: 4502
Joined: Fri May 13, 2005 1:33 pm
Location: Minnesota

Re: Major Linux security hole gapes open

#3 Post by ZaZ » Mon Nov 28, 2016 3:12 pm

jdk wrote:Sometimes I wonder if these backdoors to /boot are intentional.
You've got to remember the number of people writing the code is dwarfed by the number of people looking for vulnerabilities.
ProBook 470 G3

evening_hunger
Sophomore Member
Posts: 206
Joined: Thu Nov 26, 2015 2:55 pm
Location: Rouen, France

Re: Major Linux security hole gapes open

#4 Post by evening_hunger » Mon Nov 28, 2016 5:27 pm

I might be wrong but I think if you have entire filesystem encrypted, having acces to /boot (even root acces) doesn't give you any way to get to files. Not even root can decrypt without the key/password, which is not hashed anywhere.
x220/i7-2620M/8GB/256gb.ssd/ips/debian (main driver)
x230/i5/8GB/500gb.hdd+256gb.m2ssd/tn/debian+win7 (better half)

jdk
Junior Member
Junior Member
Posts: 264
Joined: Mon Jan 03, 2011 9:08 pm
Location: Pinehurst, North Carolina

Re: Major Linux security hole gapes open

#5 Post by jdk » Tue Nov 29, 2016 7:08 am

evening_hunger wrote:I might be wrong but I think if you have entire filesystem encrypted, having acces to /boot (even root acces) doesn't give you any way to get to files. Not even root can decrypt without the key/password, which is not hashed anywhere.
Yeah, true FDE has been possible for at least 2 years with grub2, but none of the installers have been updated to make it easy to set up.

With OpenBSD, it's literally one bioctl command prior to installation.
Cyrix 6x86

evening_hunger
Sophomore Member
Posts: 206
Joined: Thu Nov 26, 2015 2:55 pm
Location: Rouen, France

Re: Major Linux security hole gapes open

#6 Post by evening_hunger » Tue Nov 29, 2016 11:23 am

I consider myself relatively dumb, but was able to do this when installing my Debian 2 years ago. So not that tragic after all:)
x220/i7-2620M/8GB/256gb.ssd/ips/debian (main driver)
x230/i5/8GB/500gb.hdd+256gb.m2ssd/tn/debian+win7 (better half)

jaspen-meyer
Senior Member
Senior Member
Posts: 719
Joined: Wed May 19, 2010 11:21 pm
Location: Pardubice, Czech Republic
Contact:

Re: Major Linux security hole gapes open

#7 Post by jaspen-meyer » Fri Dec 02, 2016 5:06 am

ZaZ wrote:
jdk wrote:Sometimes I wonder if these backdoors to /boot are intentional.
You've got to remember the number of people writing the code is dwarfed by the number of people looking for vulnerabilities.
It's much easier to hide the treasure chest than than to find it.
T420 i7 3612QM; T420 i7 3630QM; T400 Q9100; x60s libreboot, led; x24 xiphmont led

Post Reply
  • Similar Topics
    Replies
    Views
    Last post

Return to “Linux Questions”

Who is online

Users browsing this forum: No registered users and 2 guests