|brent timothy saner on 16 Nov 2016 12:20:26 -0800|
|Re: [PLUG] root shell|
On 11/16/2016 03:03 PM, JP Vossen wrote:
(SNIP)
> The fact is that even on a "whole disk" encrypted system, parts of it
> are not encrypted. If you can get at those parts--however you do
> it--you can plant trojans, redirect data streams or whatever else. This
> vulnerability makes it easier to do that and that's not good, but that's
> all it does and it looks trivially easy to fix.
>
> Thoughts?

yep, fully agreed. there's been some chatter in the IRC channel.

as i've noted in the channel, you can do the same thing (literally, the same shell- busybox) in GRUB (and how many of you have unlocked bootloaders, and allow booting without a passphrase?):

on the kernel line:

for sys-v style init:
    kernel ... single

for systemd:
    kernel ... systemd.unit=rescue.target

same exact thing.

the nice thing about arch is it uses systemd initrd, so the login can copy in the /etc/passwd and /etc/shadow and uses login via that. (initrd customization in Arch is actually quite easy at that- even easier than dracut.)

but fully agreed- if this got a CVE, then so should there be a CVE for being able to boot to USB/livecd. or one for cases where unlocked grub allows booting to the initrd rescue system. etc.
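An added example, not part of the original message: a small audit of a grub.cfg for the "unlocked bootloader" condition the post describes, flagging a missing GRUB password and any entry that already boots with `single` or `systemd.unit=rescue.target` without authentication. The sample configs, entry titles and the function name `audit_grub_cfg` are constructed for illustration; `superusers`, `password_pbkdf2` and `--unrestricted` are GRUB 2's own directives.

```python
import re

# Constructed sample grub.cfg fragments (not taken from any real system).
UNLOCKED_CFG = '''\
menuentry 'Arch Linux' {
    linux /vmlinuz-linux root=/dev/mapper/root rw quiet
}
menuentry 'Arch Linux (rescue)' {
    linux /vmlinuz-linux root=/dev/mapper/root rw systemd.unit=rescue.target
}
'''

LOCKED_CFG = '''\
set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.PLACEHOLDER
menuentry 'Arch Linux' --unrestricted {
    linux /vmlinuz-linux root=/dev/mapper/root rw quiet
}
menuentry 'Arch Linux (rescue)' --unrestricted {
    linux /vmlinuz-linux root=/dev/mapper/root rw single
}
'''

# The two kernel-line arguments named in the post.
RESCUE_ARGS = {"single", "systemd.unit=rescue.target"}

def audit_grub_cfg(text):
    """Return a list of findings for a grub.cfg given as a string."""
    findings = []
    superusers = re.search(r'^\s*set\s+superusers=\S+', text, re.M)
    has_password = re.search(r'^\s*password(_pbkdf2)?\s+\S+\s+\S+', text, re.M)
    locked = bool(superusers and has_password)
    if not locked:
        findings.append("no superusers/password: kernel line editable at the menu")
    title, unrestricted = None, False
    for line in text.splitlines():
        m = re.match(r"\s*menuentry\s+(['\"])(.*?)\1(.*)\{", line)
        if m:
            title, unrestricted = m.group(2), "--unrestricted" in m.group(3)
            continue
        words = line.split()
        if title and words and words[0] in ("linux", "linuxefi", "kernel"):
            if RESCUE_ARGS & set(words[1:]) and (unrestricted or not locked):
                findings.append(f"rescue entry bootable without a password: {title}")
    return findings

if __name__ == "__main__":
    print(audit_grub_cfg(UNLOCKED_CFG), audit_grub_cfg(LOCKED_CFG), sep="\n")
```

With `superusers` set, GRUB requires authentication to edit an entry or use its command line, so only entries marked `--unrestricted` remain bootable by anyone at the console.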