brent timothy saner on 16 Nov 2016 12:20:26 -0800


Re: [PLUG] root shell


On 11/16/2016 03:03 PM, JP Vossen wrote:
(SNIP)
> The fact is that even on a "whole disk" encrypted system, parts of it
> are not encrypted.  If you can get at those parts--however you do
> it--you can plant trojans, redirect data streams or whatever else.  This
> vulnerability makes it easier to do that and that's not good, but that's
> all it does and it looks trivially easy to fix.
> 
> Thoughts?

yep, fully agreed. there's been some chatter in the IRC channel.

as i've noted in the channel, you can do the same thing (literally, the
same shell- busybox) in GRUB (and how many of you have unlocked
bootloaders, and allow booting without a passphrase?):

on the kernel line:

for sys-v style init:
kernel ... single

for systemd:
kernel ... systemd.unit=rescue.target

same exact thing. the nice thing about arch is it uses systemd initrd,
so the login can copy in the /etc/passwd and /etc/shadow and uses login
via that. (initrd customization in Arch is actually quite easy at that-
even easier than dracut.)

but fully agreed- if this got a CVE, then so should there be a CVE for
being able to boot to USB/livecd. or one for cases where unlocked grub
allows booting to the initrd rescue system. etc.


Attachment: signature.asc
Description: OpenPGP digital signature
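
A defensive check for the unlocked-bootloader condition discussed in the message above, as an added example that is not part of the original post: it reports whether a GRUB 2 config declares a superuser that also has a password line, which is what makes GRUB ask for credentials before the kernel line can be edited. The function names, sample configs and placeholder hash are constructed for illustration.

```shell
#!/bin/sh
# Audit a GRUB 2 config: without a superuser/password pair, anyone at the
# console can edit the kernel line and append "single" or a rescue target.

# Print the names declared via `set superusers="a,b"`, one per line.
grub_superusers() {
    sed -n 's/^[[:space:]]*set[[:space:]]\{1,\}superusers=//p' "$1" |
        tr -d "\"'" | tr ',;|& ' '\n\n\n\n\n' | sed '/^$/d' | sort -u
}

# Print the users that have a `password` or `password_pbkdf2` line.
grub_password_users() {
    awk '$1 == "password" || $1 == "password_pbkdf2" { print $2 }' "$1" | sort -u
}

# Return 0 only if at least one declared superuser also has a password line.
grub_editing_locked() {
    supers=$(grub_superusers "$1")
    [ -n "$supers" ] || return 1
    for u in $supers; do
        grub_password_users "$1" | grep -qxF "$u" && return 0
    done
    return 1
}

# Constructed sample configs (not from a real system); the hash is a placeholder.
write_sample() {  # $1 = locked|unlocked, $2 = output path
    {
        if [ "$1" = locked ]; then
            echo 'set superusers="admin"'
            echo 'password_pbkdf2 admin grub.pbkdf2.sha512.10000.PLACEHOLDER'
        fi
        # --unrestricted lets the entry boot without a login; editing it
        # still requires a superuser once superusers is set.
        echo "menuentry 'Linux' --unrestricted {"
        echo '    linux /vmlinuz-linux root=/dev/mapper/root rw'
        echo '}'
    } > "$2"
}

tmp=$(mktemp -d)
for kind in locked unlocked; do
    write_sample "$kind" "$tmp/$kind.cfg"
    if grub_editing_locked "$tmp/$kind.cfg"; then
        echo "$kind.cfg: editing the kernel line requires a superuser password"
    else
        echo "$kind.cfg: anyone at the console can edit the kernel line"
    fi
done
rm -rf "$tmp"
```

On a real system, point `grub_editing_locked` at the generated config (commonly /boot/grub/grub.cfg; the path varies by distribution).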

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug