Major Linux security hole gapes open

Posted: Wed Nov 16, 2016 8:13 am
by RealBlackStuff

Re: Major Linux security hole gapes open

Posted: Sun Nov 27, 2016 10:59 pm
by jdk
That unencrypted /boot partition rears its ugly head again.

Last year you just had to hit backspace exactly 28 times and it would drop you to a shell.

Sometimes I wonder if these backdoors to /boot are intentional.

Re: Major Linux security hole gapes open

Posted: Mon Nov 28, 2016 3:12 pm
by ZaZ
jdk wrote: Sometimes I wonder if these backdoors to /boot are intentional.
You've got to remember the number of people writing the code is dwarfed by the number of people looking for vulnerabilities.

Re: Major Linux security hole gapes open

Posted: Mon Nov 28, 2016 5:27 pm
by evening_hunger
I might be wrong, but I think if you have the entire filesystem encrypted, having access to /boot (even root access) doesn't give you any way to get to files. Not even root can decrypt without the key/password, which is not hashed anywhere.

Re: Major Linux security hole gapes open

Posted: Tue Nov 29, 2016 7:08 am
by jdk
evening_hunger wrote: I might be wrong, but I think if you have the entire filesystem encrypted, having access to /boot (even root access) doesn't give you any way to get to files. Not even root can decrypt without the key/password, which is not hashed anywhere.
Yeah, true FDE has been possible for at least 2 years with grub2, but none of the installers have been updated to make it easy to set up.

With OpenBSD, it's literally one bioctl command prior to installation.

Re: Major Linux security hole gapes open

Posted: Tue Nov 29, 2016 11:23 am
by evening_hunger
I consider myself relatively dumb, but was able to do this when installing my Debian 2 years ago. So not that tragic after all :)

Re: Major Linux security hole gapes open

Posted: Fri Dec 02, 2016 5:06 am
by jaspen-meyer
ZaZ wrote:
jdk wrote: Sometimes I wonder if these backdoors to /boot are intentional.
You've got to remember the number of people writing the code is dwarfed by the number of people looking for vulnerabilities.
It's much easier to hide the treasure chest than to find it.