Take a look at our
ThinkPads.com HOME PAGE
For those who might want to contribute to the blog, start here: Editors Alley Topic
Then contact Bill with a Private Message
ThinkPads.com HOME PAGE
For those who might want to contribute to the blog, start here: Editors Alley Topic
Then contact Bill with a Private Message
Major Linux security hole gapes open
-
- Admin Emeritus
- Posts: 23825
- Joined: Mon Sep 18, 2006 5:17 am
- Location: Loch Garman, Éire
Re: Major Linux security hole gapes open
That unencrypted /boot partition rears its ugly head again.
Last year you just had to hit backspace exactly 28 times and it would drop you to a shell.
Sometimes I wonder if these backdoors to /boot are intentional.
Last year you just had to hit backspace exactly 28 times and it would drop you to a shell.
Sometimes I wonder if these backdoors to /boot are intentional.
unix_joe
Me: ThinkPad Z13 - Debian Stable KDE
Wife: ThinkPad Z16 - Pop!_OS
Kids: ThinkPad X280 - Debian Stable Gnome
TV: ThinkPad P14s - Debian Stable
Me: ThinkPad Z13 - Debian Stable KDE
Wife: ThinkPad Z16 - Pop!_OS
Kids: ThinkPad X280 - Debian Stable Gnome
TV: ThinkPad P14s - Debian Stable
Re: Major Linux security hole gapes open
You've got to remember the number of people writing the code is dwarfed by the number of people looking for vulnerabilities.jdk wrote:Sometimes I wonder if these backdoors to /boot are intentional.
ThinkPad L14 - 2.1GHz Ryzen 4650U | 16GB | 256GB | 14" FHD | Win11P
ProBook 470 G5 - 1.6GHz Core i5 | 16GB | 2.2TB | 17" FHD | Mint
ProBook 470 G5 - 1.6GHz Core i5 | 16GB | 2.2TB | 17" FHD | Mint
-
- Junior Member
- Posts: 303
- Joined: Thu Nov 26, 2015 2:55 pm
- Location: Normandy, France
Re: Major Linux security hole gapes open
I might be wrong but I think if you have entire filesystem encrypted, having acces to /boot (even root acces) doesn't give you any way to get to files. Not even root can decrypt without the key/password, which is not hashed anywhere.
T14amdR7-4750U/32GB/500gb.ssd/debian_testing (main driver)
X320/i7-2620M/8GB/256gb.ssd/FHD13.3''IPS/debian_testing (ex-main driver)
T30Pentium-M 4 1.8Ghz 512MB RAM - under restoration
X230/i5/8GB/500gb.hdd+256gb.m2ssd/IPS/debian_stable+win7
755CE, 486DX, approx 28MB RAM (Win95 JP)
X320/i7-2620M/8GB/256gb.ssd/FHD13.3''IPS/debian_testing (ex-main driver)
T30Pentium-M 4 1.8Ghz 512MB RAM - under restoration
X230/i5/8GB/500gb.hdd+256gb.m2ssd/IPS/debian_stable+win7
755CE, 486DX, approx 28MB RAM (Win95 JP)
Re: Major Linux security hole gapes open
Yeah, true FDE has been possible for at least 2 years with grub2, but none of the installers have been updated to make it easy to set up.evening_hunger wrote:I might be wrong but I think if you have entire filesystem encrypted, having acces to /boot (even root acces) doesn't give you any way to get to files. Not even root can decrypt without the key/password, which is not hashed anywhere.
With OpenBSD, it's literally one bioctl command prior to installation.
unix_joe
Me: ThinkPad Z13 - Debian Stable KDE
Wife: ThinkPad Z16 - Pop!_OS
Kids: ThinkPad X280 - Debian Stable Gnome
TV: ThinkPad P14s - Debian Stable
Me: ThinkPad Z13 - Debian Stable KDE
Wife: ThinkPad Z16 - Pop!_OS
Kids: ThinkPad X280 - Debian Stable Gnome
TV: ThinkPad P14s - Debian Stable
-
- Junior Member
- Posts: 303
- Joined: Thu Nov 26, 2015 2:55 pm
- Location: Normandy, France
Re: Major Linux security hole gapes open
I consider myself relatively dumb, but was able to do this when installing my Debian 2 years ago. So not that tragic after all:)
T14amdR7-4750U/32GB/500gb.ssd/debian_testing (main driver)
X320/i7-2620M/8GB/256gb.ssd/FHD13.3''IPS/debian_testing (ex-main driver)
T30Pentium-M 4 1.8Ghz 512MB RAM - under restoration
X230/i5/8GB/500gb.hdd+256gb.m2ssd/IPS/debian_stable+win7
755CE, 486DX, approx 28MB RAM (Win95 JP)
X320/i7-2620M/8GB/256gb.ssd/FHD13.3''IPS/debian_testing (ex-main driver)
T30Pentium-M 4 1.8Ghz 512MB RAM - under restoration
X230/i5/8GB/500gb.hdd+256gb.m2ssd/IPS/debian_stable+win7
755CE, 486DX, approx 28MB RAM (Win95 JP)
-
- Senior Member
- Posts: 837
- Joined: Wed May 19, 2010 11:21 pm
- Location: Pardubice, Czech Republic
- Contact:
Re: Major Linux security hole gapes open
It's much easier to hide the treasure chest than than to find it.ZaZ wrote:You've got to remember the number of people writing the code is dwarfed by the number of people looking for vulnerabilities.jdk wrote:Sometimes I wonder if these backdoors to /boot are intentional.
T420 i7 3612QM seabios; T420 i7 3630QM; T400 Q9100 seabios; T61 P9600; T60 libreboot; x62; x60s libreboot, led; x24 xiphmont led
-
- Similar Topics
- Replies
- Views
- Last post
-
-
x200 devotee still trying to make it work--open to any ideas...
by mtgal » Thu Jan 25, 2024 7:55 pm » in ThinkPad X200/X201/X220 and X300/X301 Series - 21 Replies
- 3286 Views
-
Last post by mikemex
Wed Jan 31, 2024 1:34 am
-
-
-
updating T480 bios without Windows (I use Linux)
by redglow » Fri Nov 03, 2023 3:15 am » in ThinkPad T430-T490 / T530-T590 Series - 25 Replies
- 30405 Views
-
Last post by redglow
Tue Nov 14, 2023 1:00 pm
-
-
-
thinkpad t440p Linux trackpad + trackpoint not working.
by jaggreaney » Thu Nov 09, 2023 2:54 pm » in ThinkPad T430-T490 / T530-T590 Series - 1 Replies
- 2795 Views
-
Last post by RealBlackStuff
Thu Nov 09, 2023 11:48 pm
-
-
- 4 Replies
- 5266 Views
-
Last post by marttt
Mon Jan 15, 2024 2:15 am
Who is online
Users browsing this forum: No registered users and 12 guests